Common configuration for Google Workspace - authentication for Fortified ID products

Scenario

In this scenario, Google Workspace will be used as the IdP to authenticate to a Fortified ID product (in the example below Forms is used as the Fortified ID product).

The integration between the Fortified ID product and Google is federation-based (SAML2). Google will pass user attributes necessary for identification, and potentially additional attributes for delegated administration purposes.

Prerequisite

There are some prerequisite for this use case. You will need the following:

Google administration rights.
Host (DNS) name of the Fortified ID product service (external access)
Fortified ID product installed
Fortified ID product SP (SAML Service Provider) configured

Configuration

Update Google to trust Integrity

Trust need to be established between the primary IdP (Google) and the SP (Fortified ID product ).

Create custom SAML app

Login to Google admin console (admin.google.com) as an administrator
In the left hand menu, select Apps->Web and mobile apps
Click Add app -> Add custom SAML app
Enter a name of the app, Fortified ID Forms
Continue
Click Download IdP metadata
Place the downloaded IDP metadata file in /customer/config/resources_external/saml_idp_metadata/ on your Forms server. Verify that the name of the file is GoogleIDPMetadata.xml.
Continue
Enter ACS URL = https://<your_forms_dns_name>/forms/authn/login
Enter Entity ID = FortifiedID_Forms
Leave the Name ID part unchanged
Continue
Click Add mapping
Select the Google Directory attribute field containing the email value
Enter App attributes = mail
Click Add mapping
Select the Google Directory attribute field containing the value used to connect the delegated admin with subordinates, for example department
Enter App attributes = department
Finish
On the User Access part of the app configuration, click Expand (down arrow)
Change the Service status. Select the group or OU that should be allowed to access Forms. (For example, teachers)

Update Forms to trust Google

Restart the Forms service

PreviousCommon configuration for Google Workspace - Directory API NextDelegated administration for Google Workspace - teacher updates student guardians

Last updated 10 months ago

Scenario

In this scenario, Google Workspace will be used as the IdP to authenticate to a Fortified ID product (in the example below Forms is used as the Fortified ID product).

Configuration

Update Google to trust Integrity

Trust need to be established between the primary IdP (Google) and the SP (Fortified ID product ).

Create custom SAML app

In the left hand menu, select Apps->Web and mobile apps

Click Add app -> Add custom SAML app

Enter a name of the app, Fortified ID Forms

Continue

Click Download IdP metadata

Place the downloaded IDP metadata file in /customer/config/resources_external/saml_idp_metadata/ on your Forms server. Verify that the name of the file is GoogleIDPMetadata.xml.

Continue

Enter ACS URL = https://<your_forms_dns_name>/forms/authn/login

Enter Entity ID = FortifiedID_Forms

Leave the Name ID part unchanged

Continue

Click Add mapping

Select the Google Directory attribute field containing the email value

Enter App attributes = mail

Click Add mapping

Select the Google Directory attribute field containing the value used to connect the delegated admin with subordinates, for example department

Enter App attributes = department

Finish

On the User Access part of the app configuration, click Expand (down arrow)

Change the Service status. Select the group or OU that should be allowed to access Forms. (For example, teachers)

Update Forms to trust Google

Restart the Forms service