Integrating Google Workspace with Identity Hub

UniFi Identity Hub allows you to centrally manage users by integrating with Google Workspace as your Identity Provider (IdP). This enables seamless SAML-based SSO access to services like VPN, WiFi, and Door Access through the Identity Endpoint App.

If you have not done so yet, start by Creating an Identity Hub for Your Organization.

Requirement

A supported Google Workspace Subscription: Frontline Standard, Business Plus, Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Standard, Education Plus, or Enterprise Essentials Plus.
- See Compare Google Workspace Editions to learn more.
Your Identity Hub must have Secure LDAP Connectivity with Google.

Set Up Google SAML and Sync Users

Sign in to your Google Admin console and navigate to Apps > Web and mobile Apps.
Go to Add app > Add custom SAML app.

Provide the requested app details, and click Continue.

Click DOWNLOAD METADATA and click Continue.

Go back to your Identity Hub, copy the ACS URL and Entity ID, and paste them into your Google Admin.

Click FINISH.
Upload the downloaded Google IdP Metadata file and click Next.

Go to Google Admin > Apps > LDAP. If you do not see the LDAP tab, use the search bar to look for LDAP, and open it.
Click Add Client and enter the app name.
Grant all Access Permissions:
- Tick Entire domain options in Verify user credentials and Read user information fields.
- Enable Read group information.

image (8).png

Click Add LDAP Client.
Download the certificate and unzip it. Click CONTINUE TO CLIENT DETAILS.

Navigate back to Identity Hub and upload the certificate and key file.
Enter the primary domain. You can find it in Google Admin Console > Account > Domains > Manage domains.