Google Workspace
LoginRadius supports Single Sign-On (SSO) using the SAML 2.0 protocol, enabling seamless integration with enterprise identity providers such as Google Workspace. By configuring Google Workspace as a Custom Identity Provider (IDP), your users can authenticate using their existing Google credentials, allowing for a secure and streamlined login experience across your applications. This integration enables you to:
- Authenticate users using their Google Workspace accounts.
- Offer secure and streamlined access to applications.
- Customize the login experience via LoginRadius’s hosted or embedded login interfaces.
- Leverage federated identity management with SAML support.
Use Cases
This setup is ideal for:
- Organizations using Google Workspace as their centralized identity provider.
- Businesses looking to simplify user onboarding and management across multiple apps.
- Enterprises that require SSO for internal tools secured by Google Workspace.
- Multi-tenant SaaS platforms enabling organization-specific Google SSO.
Configuration
To integrate Google Workspace with LoginRadius as a Custom Identity Provider, you must complete configuration steps in your Google Admin Console and the LoginRadius Console. The setup involves registering LoginRadius as a SAML application in Google Workspace and linking the corresponding details to your LoginRadius Console.
- Google Workspace Provider
- LoginRadius Console
Before configuring LoginRadius, you'll need to set up LoginRadius as a SAML app within Google Workspace.
-
Sign in to Google Admin Console using your super administrator account.
-
Navigate to Menu > Apps > Web and mobile apps.
-
Click Add App > Add custom SAML app.
Enter the app name and, optionally, upload an icon for your app. The icon appears on the Web and mobile apps list, the app settings page, and the app launcher. If you don't upload an icon, one is created using the first two letters of the app name.
-
Click Continue, and on the Google Identity Provider details page, get the setup information needed by the service provider using one of these options:
- Download the IDP metadata.
- Copy the SSO URL and Entity ID and download the Certificate.
Enter the following information in the Service Provider Details section during setup.
| Field | Value |
|---|---|
| ACS (Assertion Consumer Service) URL | https://<Site Name>.hub.loginradius.com/service/saml/sp/login |
| Entity ID | https://<Site Name>.hub.loginradius.com/ |
| SLO URL and sign-out URL | https://<LoginRadius Site Name>/service/saml/idp/logout?appname=<SAMLAppName> |
To complete the setup, log in to your LoginRadius Console and configure the following under Authentication Providers > Custom IDPs > Add Custom IDP > Google Workspace.
- Name: Enter a unique name for your Google Workspace integration.
- ID Provider Location: Enter the location to which an SP (Service Provider) sends assertions using whichever protocol and binding it shares with the IDP (Identity Provider).
- ID Provider Logout URL: Enter the Sign-Out Endpoint that you get from the SAML account.
- ID Provider Certificate: Paste the X.509 certificate content into the LoginRadius Console's certificate field.
After saving the configuration, a confirmation screen will appear, along with detailed instructions under the Tutorial tab. These steps will guide you through completing the setup within the Google Workspace Admin Console.
For advanced settings or changes, navigate to the Configuration tab.
Integration Details
You can integrate Google Workspace as Custom IDP with your application using any of the following LoginRadius methods:
- JavaScript Library: Automatically displays Google Workspace as an option if the Custom IDP has been enabled and configured.
- Hosted Login Page: Redirect users to your LoginRadius Hosted Page with the Custom IDP configured.