Home
Integrity
Control
Solutions

Common configuration for Google Workspace - authentication for Fortified ID products

Scenario

In this scenario, Google Workspace will be used as the IdP to authenticate to a Fortified ID product (in the example below Forms is used as the Fortified ID product).

The integration between the Fortified ID product and Google is federation-based (SAML2). Google will pass user attributes necessary for identification, and potentially additional attributes for delegated administration purposes.

Prerequisite

There are some prerequisite for this use case. You will need the following:

  • Google administration rights.

  • Host (DNS) name of the Fortified ID product service (external access)

  • Fortified ID product installed

  • Fortified ID product SP (SAML Service Provider) configured

Configuration

Update Google to trust Integrity

Trust need to be established between the primary IdP (Google) and the SP (Fortified ID product ).

Create custom SAML app

  • Login to Google admin console (admin.google.com) as an administrator

  • In the left hand menu, select Apps->Web and mobile apps

  • Click Add app -> Add custom SAML app

  • Enter a name of the app, Fortified ID Forms

  • Continue

  • Click Download IdP metadata

  • Place the downloaded IDP metadata file in /customer/config/resources_external/saml_idp_metadata/ on your Forms server. Verify that the name of the file is GoogleIDPMetadata.xml.

  • Continue

  • Enter ACS URL = https://<your_forms_dns_name>/forms/authn/login

  • Enter Entity ID = FortifiedID_Forms

  • Leave the Name ID part unchanged

  • Continue

  • Click Add mapping

  • Select the Google Directory attribute field containing the email value

  • Enter App attributes = mail

  • Click Add mapping

  • Select the Google Directory attribute field containing the value used to connect the delegated admin with subordinates, for example department

  • Enter App attributes = department

  • Finish

  • On the User Access part of the app configuration, click Expand (down arrow)

  • Change the Service status. Select the group or OU that should be allowed to access Forms. (For example, teachers)

Update Forms to trust Google

  • Restart the Forms service

PreviousCommon configuration for Google Workspace - Directory APINextDelegated administration for Google Workspace - teacher updates student guardians

Last updated