How To Set Up SSO with Google Apps

This article explains how to set up SSO with Google Apps from OpenSSO. The prerequisites are:

  1. You should have a premium account from Google Apps. The premium account is needed since only it supports Single Sign-On (SSO). While registering, make sure to enter the correct domain name, one where you have an Internet-facing machine, since Google will make sure you have full control of this domain by telling you to add a randomly generated key to an HTML file.
  2. Grab the latest OpenSSO, then deploy and configure it in the domain registered with Google Apps.

Now, how to set up Google Apps from OpenSSO.

  1. Go to your OpenSSO instance and log in as amadmin.
  2. On the Common Task tab, click on "Create Hosted Identity Provider" to create a hosted IDP and circle of trust (COT).
    1. On this page you can accept all default values.
    2. Enter a COT name such as "COTGoogleApps".
    3. Enter the signing cert alias. You can use the "test" cert alias.
    4. Click on Configure.
    5. After it has been created successfully, click on Finish to come back to the Common Task tab.
  3. Now create a user with the same name as the user created on Google Apps.
    1. Click on the Access Control tab.
    2. Click on Top Level realm.
    3. Click on Subjects.
    4. Now click on New to create a new user.
    5. Enter a user ID that is the same as the Google Apps user name.
    6. Enter the other mandatory fields and click on Create.
  4. Go back to the Common Task tab. You can do this by clicking on "Back to Access Control" and then clicking on the first tab, "Common Task".
  5. Click on "Configure Google Apps".
    1. Make sure correct IDP and COT values are picked up.
    2. Enter the domain name you have registered with Google Apps.
    3. Click on Create.
    4. After successful creation, a success message will be displayed. Click OK on the dialog box to retrieve the data. This data should be entered on the Google Apps side.
  6. Now, from another browser window, go to Google Apps. Log in as an admin user for your domain.
    1. Click the Advanced Tools tab, and then click the Set up Single Sign-on (SSO) link.
    2. Mark the Enable Single Sign-On checkbox.
    3. Copy the URLs from OpenSSO and paste them in the Google Apps setup screen. Copy the Verification Certificate text into a file, and upload the new text file to the Google Apps Verification Certificate.
    4. Save the changes in the Google Apps setup screen.
    5. Log out from Google Apps and the OpenSSO Console.
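
The Verification Certificate in step 6.3 travels by copy and paste, so it is worth checking the saved text file before uploading it. The following is an added example, not part of the original article or of OpenSSO: it checks that the file holds exactly one intact PEM certificate block and returns a SHA-256 fingerprint that can be compared against the same check run on the text shown by OpenSSO. The function names and the sample input are assumptions made for illustration; the check covers framing only, not the certificate's signature or validity period.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

# Constructed placeholder: a DER SEQUENCE header plus 200 filler bytes.
# It is NOT a real certificate; it only exercises the framing checks.
SAMPLE_DER = b"\x30\x81\xc8" + bytes(range(200))


def to_pem(der, width=64, newline="\n"):
    """Wrap DER bytes in PEM armor (used to build the sample input)."""
    b64 = base64.b64encode(der).decode()
    rows = [b64[i:i + width] for i in range(0, len(b64), width)]
    return newline.join(
        ["-----BEGIN CERTIFICATE-----", *rows, "-----END CERTIFICATE-----", ""])


def der_total_length(der):
    """Length the outer DER SEQUENCE header claims for the whole blob."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("content is not a DER SEQUENCE")
    if der[1] < 0x80:                      # short form: one length byte
        return 2 + der[1]
    n = der[1] & 0x7F                      # long form: n length bytes follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("malformed DER length")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def check_pasted_cert(text):
    """Validate pasted certificate text; return its SHA-256 fingerprint."""
    blocks = PEM_RE.findall(text)
    if len(blocks) != 1:
        raise ValueError(f"expected one certificate block, found {len(blocks)}")
    try:
        der = base64.b64decode("".join(blocks[0].split()), validate=True)
    except ValueError as exc:              # binascii.Error is a ValueError
        raise ValueError("certificate body is not clean base64") from exc
    if der_total_length(der) != len(der):
        raise ValueError("certificate is truncated or has trailing data")
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


if __name__ == "__main__":
    print(check_pasted_cert(to_pem(SAMPLE_DER)))
```

A pasted copy that differs only in line endings or line width yields the same fingerprint; a copy that lost a line or its BEGIN/END markers is rejected before it reaches the Google Apps upload form.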

How to test SSO between OpenSSO and Google Apps.

  1. Go to the Google Apps Dashboard. Enter the domain name and select "Go to Email" from the drop-down box. Click Go.
  2. Google Apps will now redirect the user to the OpenSSO login screen. Enter the user name which you created on the OpenSSO side.
  3. After successful authentication, Gmail inbox will be loaded.

How about Logout?

  1. The Logout link on the Gmail page will log out the sessions on the Google side as well as on the OpenSSO side. Thus the OpenSSO login screen will be displayed.