Overview
The following instructions are for creating a SAML-based SSO connection through Google Workspace.
Set up your own custom SAML app
-
Sign in to your Google Admin console, using an account with super administrator privileges.
-
In the Admin console, go to Menu > Apps > Web and mobile apps.
- Click Add App > Add custom SAML app.
- On the App Details page:
- Enter the name of the custom app.
- (Optional) Upload an app icon.
- Click Continue.
- On the Google Identity Provider details page, get the setup information needed by the service provider using one of these options:
- Download the IDP metadata.
- Copy the SSO URL and Entity ID and download the Certificate.
- In a separate browser tab or window, sign into PhishingBox
- Navigate to one of the following:
- For portal SSO: Administration > Settings > Account Settings > SSO tab .
- For school SSO: Administration> Settings > School Settings > SSO tab.
- Enter the information you copied in Step 6 (SSO URL --> ACS Endpoint URL and Entity ID --> Issuer URL) into the PhishingBox SSO configuration page:
- Open the downloaded Certificate in your preferred text editor and copy all the contents.
- Paste the Certificate contents into the 'x.509 Certificate' field under Identity Provider (IDP) Settings in PhishingBox:
- Click "Save"
- Return to the Google Admin Console.
- Click "Continue".
- In the Service Provider Details window, enter the ACS URL, Entity ID from the PhishingBox portal.
- Set the Name ID format to email.
- The default Name ID is the primary email.
- Click "Continue".
- Click "Finish".
NOTE: If the Admin Portal or School URLS are updated, the APP will need to be reconfigured with the updated EntityId, ACS and Single Logout URL
Turn on your SAML app
-
Sign into your Google Admin console, using an account with super administrator privileges.
-
In the Admin console, go to Menu > Apps > Web and mobile apps.
- Select your SAML app.
-
Click "User access".
-
To turn on or off a service for everyone in your organization, click On for everyone or Off for everyone, and then click "Save".
-
(Optional) To turn a service on or off for an organizational unit:
- At the left, select the organizational unit.
- To change the Service status, select On or Off.
- Choose one:
- If the Service status is set to Inherited and you want to keep the updated setting, even if the parent setting changes, click Override.
- If the Service status is set to Overridden, either click Inherit to revert to the same setting as its parent, or click Save to keep the new setting, even if the parent setting changes.
-
To turn on a service for a set of users across or within organizational units, select an access group.
- Ensure that the email addresses your users use to sign in to the SAML app match the email addresses they use to sign in to your Google domain.
NOTE: Changes can take up to 24 hours but typically happen more quickly.
Using the App
Once the app is created and configured, the app will appear in 'Google apps'.
Custom apps will appear at the bottom of this list. The link address can be copied by right-clicking the app and selecting "Copy link address". You can place this link in the "App embed link" field (Administration > Settings > School Settings OR Account Settings > Portal SSO tab) so the {school_app_embed_link}
and {portal_app_embed_link}
variables can be used in system emails. Placing this link in system emails will allow students/admins to sign-in directly from the system email.
Comments
0 comments
Please sign in to leave a comment.