BMS Auth & Provision | SSO with Google Workspace

Introduction

This KB article walks through the steps required to integrate Google Workspace with BMS for single sign-on (SSO).

Prerequisite

You should have an active Google Workspace admin account (https://admin.google.com/?pli=1).

Setting up Google Workspace

  1. Log in and navigate to the admin dashboard.
  2. From the admin dashboard, go to Apps > Web and mobile apps > Add App > Add custom SAML app.

App Details

  1. Fill in the app name, description and attach an app icon.
  2. Click Continue.

Google Identity Provider Details

  1. ACS URL: Enter the ACS URL. The ACS URL should be in the format https://<your PSA server URL>/SAML/Connect.aspx.
  2. Entity ID: Enter your PSA server URL in the format https://<BMS server name>.com.
  3. Select the Signed response checkbox.
  4. Name ID format: Select Email.
  5. Name ID: Select Basic information > Primary email.
  6. Click Continue.

Attribute Mapping

Below are the attributes used in Google Workspace.

Google Directory Attributes    App Attributes
Primary email                  email
First name                     firstname
Last name                      lastname
Primary email                  username
CompanyName                    kaseya support


Please note that CompanyName is a custom attribute.

How to create a custom attribute

  1. Navigate to Directory > user > More options > Add custom attributes.
  2. From the Category dropdown, select Custom attribute.
  3. In the Custom Fields field, enter CompanyName.
  4. From the Info Type dropdown, select Text.
  5. From the Visibility dropdown, select Visibility to user and admin.
  6. From the No. of Values dropdown, select Single Value.
  7. Click Save.


Custom Attribute and its Application

In the Custom App

The custom attribute will be used in two places.

  1. Navigate to Apps and click SAML attributes mapping.
  2. Click Add mapping.
  3. Click Select field.
  4. Scroll to the very bottom of the list and select the custom attribute that you created.
  5. Enter your tenant name. (To find out the tenant name, go to BMS > My Profile > My Settings > Company Name. The company name is the tenant name. It is case sensitive.)
  6. Click Save.

User for Whom the SSO Needs to be Enabled

  1. Navigate to Users. Click the name of the particular user.
  2. Expand User information.
  3. Click Edit and add your tenant name.
  4. Enter your tenant name. (To find out the tenant name, go to BMS > My Profile > My Settings > Company Name. The company name is the tenant name. It is case sensitive.)

User Access for the App Created

  1. Click User access.
  2. Select the users.
  3. Click Save.

Custom SAML Login Endpoint URL

  1. Enter the following URL, known as the SAML Login Endpoint URL, in the BMS setup: https://accounts.google.com/o/saml2/initsso?idpid={idpid}&spid={spid}
    Example: https://accounts.google.com/o/saml2/initsso?idpid=C03wa36w9&spid=261115767292
  2. The below screenshot explains where to get the IDPID and SPID.
  3. Navigate to Apps > Web and mobile apps > Download Metadata.
  4. Copy the above URL and paste it into the BMS setup.
  5. Navigate to Admin > My Company > Auth & Provision and paste the SAML Login Endpoint URL.
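
A pre-flight check for the values entered above, as an added example that is not part of the original article or of BMS or Google tooling. It reads the idpid from the downloaded metadata file, builds the SAML Login Endpoint URL, and checks the ACS URL format; it assumes the metadata carries the idpid in its entityID and SSO Location URLs, and that idpid and spid have the shapes shown in the article's example.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample shaped like Google's IdP metadata (certificate omitted).
SAMPLE_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://accounts.google.com/o/saml2?idpid=C03wa36w9">
  <md:IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://accounts.google.com/o/saml2/idp?idpid=C03wa36w9"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def idpid_from_metadata(xml_text):
    """Return the single idpid used by the entityID and every SSO endpoint."""
    root = ET.fromstring(xml_text)
    urls = [root.get("entityID", "")]
    urls += [e.get("Location", "")
             for e in root.iterfind(".//md:SingleSignOnService", MD_NS)]
    found = set()
    for url in urls:
        parts = urlsplit(url)
        if parts.scheme != "https" or parts.hostname != "accounts.google.com":
            raise ValueError(f"unexpected IdP URL in metadata: {url!r}")
        found.update(parse_qs(parts.query).get("idpid", []))
    if len(found) != 1:
        raise ValueError(f"expected exactly one idpid, found {sorted(found)}")
    return found.pop()


def login_endpoint(idpid, spid):
    """Build the SAML Login Endpoint URL; reject stray spaces or symbols."""
    # Assumed shapes, taken from the article's example values.
    if not re.fullmatch(r"[A-Za-z0-9]+", idpid):
        raise ValueError(f"bad idpid: {idpid!r}")
    if not re.fullmatch(r"[0-9]+", spid):
        raise ValueError(f"bad spid: {spid!r}")
    query = urlencode({"idpid": idpid, "spid": spid})
    return "https://accounts.google.com/o/saml2/initsso?" + query


def acs_url_ok(url):
    """True only for https://<host>/SAML/Connect.aspx with nothing appended."""
    p = urlsplit(url)
    return (p.scheme == "https" and bool(p.hostname)
            and p.path == "/SAML/Connect.aspx" and not p.query and not p.fragment)
```

The spid is not read from the metadata here; pass it in as found in the admin console.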

Downloading the certificate

  1. Download the certificate.
  2. Important: Once the file is downloaded, go to the Downloads folder, right-click the file, and rename it with the .cer file extension if it shows a different extension.
  3. After the extension is changed, add the file to BMS.
  4. Select the file, click Upload Certificate, and then click Save.

BMS Setup

  1. Navigate to HR > Employees. Open the particular user's profile and enable SSO for the user.
  2. Once SSO has been enabled for the user, the user can log in to the BMS instance with the gateway URL. The user can also click on it.