›  Dashboard  ›  Configure  ›  Single sign-on authentication  ›  Using Google Workspace

    Single sign-on authentication within Cloud Backup using Google Workspace

    • Summary:Description of and steps to set up and configure single sign-on authentication for the Dashboard and for Online Backup and Recovery Manager using Google Workspace.
    • 6 min read
    On this page

    Setup flow

    # Step Description
    1 Turn SSO on Turn SSO on in the Infrascale Dashboard
    2 Set SSO scope Select accounts to apply SSO for
    3 Create SSO app Set up and configure Google Workspace app for SSO
    4 Configure SSO Choose SSO configuration method and provide configuration details

    Turn SSO on

    To set up SSO, you need to turn it on first in the Infrascale Dashboard. For this:

    1. Sign in to the Infrascale Dashboard.

      Use an account with the administrator role.

    2. In the menu, go to SettingsSingle Sign-On.

      Menu item

      The SSO settings page opens.

    3. Select Enable Single Sign-On (SSO) to expand configuration settings.

      Configuration settings include the following groups:

      Group Description
      Enable SSO for This group of settings lets you set the SSO scope—that is, to select the predefined account groups and to specify individual accounts to apply SSO for
      Service Provider Settings This group includes settings to use when creating SSO app in Google Workspace
      Identity Provider Settings This group of settings lets you choose how to configure SSO and to provide configuration details

      SSO settings

    4. Continue with setting SSO scope.

    Set SSO scope

    You can set the scope of SSO—that is, to select accounts to apply SSO for.

    To map accounts, account names on the service provider side (that is, within the Infrascale services) must match the account emails on the Google Workspace side.

    In the Enable SSO for group, select one or more available account groups:

    • Dashboard admins to enable SSO for the Infrascale Dashboard accounts with the administrator role;

    • All backup accounts to enable SSO for all backup accounts;

    • Individual accounts to enable SSO only for specific Infrascale accounts.

      Enter one or more account usernames separated by comma, space, or semicolon.

    SSO scope

    Continue with creating SSO app in Google Workspace.

    Create SSO app

    This section covers only the basic instructions on creating an SSO app in Google Workspace. For more details, see the Google Workspace Admin Help.

    1. Sign in to the Google Admin console.

      Use an account with the Super Admin role.

    2. In the menu, go to AppsWeb and mobile apps.

      Web and mobile apps

    3. On the toolbar, click Add app, and then select Add custom SAML app.

      Add custom SAML app

      The app creation wizard opens.

    4. On the App details step, provide the basic information about the app, and then click CONTINUE.

      App details

    5. On the Google Identity Provider details step:

      • To configure SSO later in the Infrascale Dashboard using metadata, download the metadata file.

        Download metadata file

      • To configure SSO later in the Infrascale Dashboard manually, сopy and save SSO URL, Entity ID, and Certificate.

        Infrascale Dashboard accepts SAML certificates as CER or CERT files. If you copy the Google SAML certificate, save it to the file with .cer or .cert extension. If you download the Google SAML certificate, change the file name extension from .pem to .cer or .cert.

        Copy data for manual configuration

      Click CONTINUE.

    6. On the Service provider details step:

      • In the ACS URL box, enter the reply URL address.

        You can find the reply URL address on the Infrascale Dashboard SSO settings page in the Reply URL box.

      • In the Entity ID box, enter the service provider entity ID.

        You can find the service provider entity ID on the Infrascale Dashboard SSO settings page in the Service Provider Entity ID box.

      Enter service provider details

      Click CONTINUE.

    7. On the Attribute mapping step, click FINISH.

    8. Turn on the newly created app. For this:

      1. Click the User access panel.

        User access panel

      2. Select ON for everyone.

        This turns the app on for everyone in the organization. To turn the app on for a specific organizational unit or a group of users, see details in the Google Workspace Admin Help.

      3. Click SAVE to apply changes.

      User access settings

    Continue with configuring SSO in the Infrascale Dashboard.

    Configure SSO

    To configure SSO in the Infrascale Dashboard, you must provide the SAML metadata. For this, in the Identity Provider Settings group, choose one of the following options:

    Identity provider settings

    Using metadata file

    With this option, the system retrieves SSO configuration data from the metadata file you upload.

    1. Go to the SSO settings page in the Infrascale Dashboard.

    2. In the Identity Provider Settings group, select Using metadata file, and then import the metadata file you obtained when creating the SSO app in Google Workspace.

      How to obtain the SAML metadata file

      If you somehow did not save the metadata file when creating the SSO app, you can obtain it as follows:

      1. Sign in to the Google Admin console.

        Use an account with the Super Admin role.

      2. In the menu, go to AppsWeb and mobile apps.

      3. Find and click the SSO app you have created earlier.

      4. On the SSO app page, click DOWNLOAD METADATA.

      5. In the open dialog, click DOWNLOAD METADATA.

      Obtain metadata file

      Import metadata file

    3. Click Save to apply changes.

    Manually

    With this option, you manually enter the minimum required data and upload the certificate to configure SSO.

    1. Go to the SSO settings page in the Infrascale Dashboard.

    2. In the Identity Provider Settings group, select Manually, and then:

      1. In the Entity ID box, enter the Entity ID you copied earlier from Google Workspace when creating the SSO app.

      2. In the Login URL box, enter the SSO URL you copied earlier from Google Workspace when creating the SSO app.

      3. Import the SAML certificate you downloaded earlier from Google Workspace when creating the SSO app.

      4. Click Save to apply changes.

      How to obtain the SAML metadata for manual SSO configuration

      If you did not save the metadata for manual SSO configuration when creating the SSO app, you can obtain it as follows:

      1. Sign in to the Google Admin console.

        Use an account with the Super Admin role.

      2. In the menu, go to AppsWeb and mobile apps.

      3. Find and click the SSO app you have created earlier.

      4. On the SSO app page, click DOWNLOAD METADATA.

      5. In the open dialog, you can find SSO URL, Entity ID, and Certificate.

        Infrascale Dashboard accepts SAML certificates as CER or CERT files. If you copy the Google SAML certificate, save it to the file with .cer or .cert extension. If you download the Google SAML certificate, change the file name extension from .pem to .cer or .cert.

      Obtain metadata for manual SSO configuration

      Configure SSO manually