Configuring Single Sign-On (SSO) with Google Apps
Prerequisite - Google Apps Account with Admin Permissions
Google Apps Setup
Login to the Admin Portal of your Google Apps Account and go To Apps.
You can view a list of Google Apps and Services or existing SAML Applications in App Settings.
- Once inside SAML Apps, add a new SAML app by clicking on the + icon and select "Setup My Own Custom App"
- Get the IDP Information i.e. SSO URL, Entity ID and Certificate on the next step. The IDP metadata is required to configure Kumolus to allow access through Google Apps SAML Authentication.
- On the next step, provide a Name, Description and Logo for the Custom App. This will be used to identify the custom app for everyone on your Google Apps directory
- Map relevant attributes i.e. Name, Given Name, Role and Email Address to the SAML Application through Attribute Mapping on the next step.
- For Role Mapping you will have to consider Kumolus Roles and map it to a Custom Field named "Department" in your Google Apps Account. This field is required to assign appropriate access levels in Kumolus CMP.
|Attribute||Google Apps Field Mapping|
|Given Name||First Name|
|E-Mail Address||Primary Email|
You can visit the Access Management page to know how to create the Roles in Kumolus and set Allow/Deny permissions for actions based on Department (Role).
- You can click on Add New Mapping to create additional mappings as requested by the SAML Application.
- Next, we will use the metadata and mappings to configure Google SSO in Kumolus.
- Login to the Kumolus Marketplace
In the Settings menu, Select Appliance
Enter your -
|EntityID||Copy Entity ID obtained from Google Apps Metadata|
|LoginURL||Copy SSO URL from Google Apps Metadata|
|LogoutURL||Copy SSO URL from Google Apps Metadata|
|Certificate||Certificate obtained from Google Apps Metadata|
- Once the above steps are complete, you need to enable the Kumolus SAML App for everyone or Selected Organizations, as per your requirement and you can start accessing Kumolus CMP through your Google Apps/Gmail Login.
- The new app will be available as a Drop Down in your Organization's Google Apps Menu for all relevant users.
- Users can click on the Kumolus-SSO app and access the Kumolus Cloud Management Platform.