New LucidLink Single Sign-On (SSO) SAML 2.0: Integration with Google


Target audience: Workspace administrators

This article is part of the New LucidLink Single Sign-On (SSO) SAML 2.0 implementation series of articles.

Requirements

  • Organization email domain configured and verified in the LucidLink Application or Webportal for your Workspace. Please use this article for the domain setup.
  • Admin access to create the app in your Identity Provider's Admin Console.

Setup instructions

1. Start the integration within the LucidLink Application or Webportal

From the LucidLink Application or Webportal, click on the 3-dot menu next to the Workspace name and click on SSO Integration. Then click on the Set Up SSO button.


Obtain the values from the following 2 fields from the SSO configuration page to put into your IdP Admin Console in the next step:

  • Service Provider Consumer URL
  • Service Provider entity ID

2. Create a LucidLink app within the Google Workspace Admin Console:

From your Google Workspace Admin Console, click Apps in the sidebar, then click Web and mobile apps in the list.


Click the Add App button and then choose Add custom SAML app from the menu:

Give the App a name and click Continue:


On the next page, copy the SSO URL and Entity ID fields for use in the LucidLink SSO implementation, click the Download button for the Certificate, and then click Continue.


On the next page, enter the following values in the Service provider details panel:

  • ACS URL (Single sign-on URL value from LucidLink SSO Integration) 
  • Entity ID (Audience URI (SP Entity ID) value from LucidLink SSO Integration) 

Then click Continue.


On the Attribute Mapping page, add the following attribute, and then click Finish.

  • Google Directory attributes (dropdown): Primary email
  • App attributes: email


3. Finish the integration within the LucidLink SSO Integration tab:

Use the 2 fields that you copied from the Google Workspace Admin Console (SSO URL and Entity ID).

  • The SSO URL goes in the Single Sign-On URL field.
  • The Entity ID goes in the Identity Provider entity ID field.

Then upload the Identity provider certificate that you downloaded from the Google Workspace Admin Console (Google_<date>_SAML2_0.pem) and click Save.
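
A pre-flight check for the values exchanged in steps 1 to 3, run before clicking Save. This is an added example, not LucidLink or Google code: it flags copy-paste mistakes in the four fields and fingerprints the downloaded certificate so the value can be recorded and compared later. The function names, the different-host heuristic and all sample values are assumptions constructed for illustration.

```python
import base64
import hashlib
import re
from urllib.parse import urlsplit

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def cert_sha256(pem_text):
    """SHA-256 fingerprint of the one certificate expected in the IdP .pem file."""
    if "PRIVATE KEY" in pem_text:
        raise ValueError("file contains a private key; only the certificate is needed")
    blocks = PEM_RE.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly 1 certificate, found {len(blocks)}")
    der = base64.b64decode("".join(blocks[0].split()), validate=True)
    return hashlib.sha256(der).hexdigest()

def check_sso_values(sp_acs_url, sp_entity_id, idp_sso_url, idp_entity_id):
    """Return a list of problems with the four values exchanged in steps 1 to 3."""
    values = {"Service Provider Consumer URL": sp_acs_url,
              "Service Provider entity ID": sp_entity_id,
              "SSO URL": idp_sso_url,
              "Identity Provider entity ID": idp_entity_id}
    problems = [f"{name} is empty or has stray whitespace"
                for name, v in values.items() if not v or v != v.strip()]
    for name in ("Service Provider Consumer URL", "SSO URL"):
        parts = urlsplit(values[name].strip())
        if parts.scheme != "https" or not parts.netloc:
            problems.append(f"{name} must be an absolute https URL")
    if sp_entity_id.strip() == idp_entity_id.strip():
        problems.append("SP and IdP entity IDs are identical; one was pasted twice")
    # Heuristic (assumption): SP and IdP endpoints live on different hosts.
    if urlsplit(sp_acs_url.strip()).netloc == urlsplit(idp_sso_url.strip()).netloc:
        problems.append("ACS URL and SSO URL share a host; check they are not swapped")
    return problems

# Constructed sample values; not real LucidLink or Google endpoints.
SAMPLE_DER = b"constructed bytes standing in for a DER certificate"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(SAMPLE_DER).decode()
              + "\n-----END CERTIFICATE-----\n")
SAMPLE = dict(sp_acs_url="https://sp.example.test/saml/acs",
              sp_entity_id="https://sp.example.test/saml/metadata",
              idp_sso_url="https://idp.example.test/saml/sso",
              idp_entity_id="https://idp.example.test/saml/entity")

if __name__ == "__main__":
    print(check_sso_values(**SAMPLE) or "values look consistent")
    print("certificate SHA-256:", cert_sha256(SAMPLE_PEM))
```

To use it on real data, pass the four values copied from the two consoles and the text of the downloaded .pem file in place of the constructed samples.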

You have done it!

You should now see the Google SSO setup in the LucidLink SSO Integration tab. You will need to select your authentication settings and then download the SSO Key to distribute to any users needing to authenticate to your Workspace via SSO.


Enable User Access to your app within the Google Workspace Admin Console

You will need to make the managed app available to all users, specific groups, or organizational units before the users can authenticate within the LucidLink Application or Webportal.
