Help Center Help Articles Professional Support Professional Integrators Community RMA & Warranty Downloads Tech Specs

UniFi Identity Enterprise - Add Google Workspace as an SSO App

When Google Workspace is added to Identity Enterprise as a single sign-on (SSO) app, admins can manage user access to Google Workspace in Identity Enterprise Manager, and users can access Google Workspace with their UniFi Identity Enterprise credentials.

Get Sign-On URL and Public Certificate from Identity Enterprise Manager

  1. Go to your Identity Enterprise Manager > SSO Apps.
  2. Click the Add icon on the upper right corner and select Google Workspace.
  3. Click Add. Copy the sign-on URL and download Public Certificate. You’ll need them when configuring SSO in Google Workspace

Configure SSO in Google Workspace

  1. Sign in to your Google Admin Console.
  2. Select Security > Authentication > SSO with third-party IdP.
  3. Click Edit SSO profile for your organization.
  4. Check the Set up SSO with third-party identity provider box.
  5. Fill in the following information:
    • Sign-in page URL: Paste the Sign-On URL copied from Identity Enterprise Manager. 
    • Sign-out page URL: Paste the Sign-On URL copied from Identity Enterprise Manager. 
    • Upload certificate: Browse and select the Public Certificate downloaded from Identity Enterprise Manager.
  6. (Optional) Tick the Use a domain-specific issuer checkbox as needed.
    • When ticked, Google sends an issuer-specific to your domain: google.com/a/example.com (where example.com is your primary Google Workspace domain name).
    • When unticked, Google sends the standard issuer in the SAML request: google.com.
  1. (Optional) Use the Network masks field to allow only a targeted subset of users to access your organization's Identity Enterprise site. Learn more about Google’s network masks.
  2. (Optional) Change password URL: Enter https://{your_workspace_domain}.ui.com. Note: If you enter a change password URL, users will be directed to that page even if SSO is not enabled for your organization.
  3. Click Save.

Configure SSO App Settings in Identity Enterprise Manager

  1. Go to your Identity Enterprise Manager > SSO Apps.
  2. Fill in the following information for the app selected:
    1. App name: Name this app.
    2. Your Google Apps company domain: Enter your Google App’s domain. For example, if your Google app’s sign-in URL is https://www.google.com/a/acme.com/..., then enter: acme.com.
    3. Display the following links: Select the Google apps that you want to display in the user’s Identity Enterprise Workspace or mobile/desktop apps.
    4. (Optional) Default Relay State: The SAML default relay state is the destination to which the user will be redirected after they have completed the authentication process at the IdP.
    5. Your Google Apps SP ACS URL: Enter your Google App’s domain. For example, if your Google app’s sign-in URL is https://www.google.com/a/acme.com/..., then enter: acme.com.
Was this article helpful?