›  Dashboard  ›  Configure  ›  Single sign-on authentication  ›  Using Google Workspace

Single sign-on authentication within Cloud Backup using Google Workspace

On this page

Setup flow

# Step Description
1 Turn SSO on Turn SSO on in the Infrascale Dashboard
2 Set SSO scope Select accounts to apply SSO for
3 Create SSO app Set up and configure Google Workspace app for SSO
4 Configure SSO Choose SSO configuration method and provide configuration details

Turn SSO on

To set up SSO, you need to turn it on first in the Infrascale Dashboard. For this:

  1. Sign in to the Infrascale Dashboard.

    Use an account with the administrator role.

  2. In the menu, go to SettingsSingle Sign-On.

    Menu item

    The SSO settings page opens.

  3. Select Enable Single Sign-On (SSO) to expand configuration settings.

    Configuration settings include the following groups:

    Group Description
    Enable SSO for This group of settings lets you set the SSO scope—that is, to select the predefined account groups and to specify individual accounts to apply SSO for
    Service Provider Settings This group includes settings to use when creating SSO app in Google Workspace
    Identity Provider Settings This group of settings lets you choose how to configure SSO and to provide configuration details

    SSO settings

  4. Continue with setting SSO scope.

Set SSO scope

You can set the scope of SSO—that is, to select accounts to apply SSO for.

To map accounts, account names on the service provider side (that is, within the Infrascale services) must match the account emails on the Google Workspace side.

In the Enable SSO for group, select one or more available account groups:

  • Dashboard admins to enable SSO for the Infrascale Dashboard accounts with the administrator role;

  • All backup accounts to enable SSO for all backup accounts;

  • Individual accounts to enable SSO only for specific Infrascale accounts.

    Enter one or more account usernames separated by comma, space, or semicolon.

SSO scope

Continue with creating SSO app in Google Workspace.

Create SSO app

This section covers only the basic instructions on creating an SSO app in Google Workspace. For more details, see the Google Workspace Admin Help.

  1. Sign in to the Google Admin console.

    Use an account with the Super Admin role.

  2. In the menu, go to AppsWeb and mobile apps.

    Web and mobile apps

  3. On the toolbar, click Add app, and then select Add custom SAML app.

    Add custom SAML app

    The app creation wizard opens.

  4. On the App details step, provide the basic information about the app, and then click CONTINUE.

    App details

  5. On the Google Identity Provider details step:

    • To configure SSO later in the Infrascale Dashboard using metadata, download the metadata file.

      Download metadata file

    • To configure SSO later in the Infrascale Dashboard manually, сopy and save SSO URL, Entity ID, and Certificate.

      Infrascale Dashboard accepts SAML certificates as CER or CERT files. If you copy the Google SAML certificate, save it to the file with .cer or .cert extension. If you download the Google SAML certificate, change the file name extension from .pem to .cer or .cert.

      Copy data for manual configuration

    Click CONTINUE.

  6. On the Service provider details step:

    • In the ACS URL box, enter the reply URL address.

      You can find the reply URL address on the Infrascale Dashboard SSO settings page in the Reply URL box.

    • In the Entity ID box, enter the service provider entity ID.

      You can find the service provider entity ID on the Infrascale Dashboard SSO settings page in the Service Provider Entity ID box.

    Enter service provider details

    Click CONTINUE.

  7. On the Attribute mapping step, click FINISH.

  8. Turn on the newly created app. For this:

    1. Click the User access panel.

      User access panel

    2. Select ON for everyone.

      This turns the app on for everyone in the organization. To turn the app on for a specific organizational unit or a group of users, see details in the Google Workspace Admin Help.

    3. Click SAVE to apply changes.

    User access settings

Continue with configuring SSO in the Infrascale Dashboard.

Configure SSO

To configure SSO in the Infrascale Dashboard, you must provide the SAML metadata. For this, in the Identity Provider Settings group, choose one of the following options:

Identity provider settings

Using metadata file

With this option, the system retrieves SSO configuration data from the metadata file you upload.

  1. Go to the SSO settings page in the Infrascale Dashboard.

  2. In the Identity Provider Settings group, select Using metadata file, and then import the metadata file you obtained when creating the SSO app in Google Workspace.

    Import metadata file

  3. Click Save to apply changes.

Manually

With this option, you manually enter the minimum required data and upload the certificate to configure SSO.

  1. Go to the SSO settings page in the Infrascale Dashboard.

  2. In the Identity Provider Settings group, select Manually, and then:

    1. In the Entity ID box, enter the Entity ID you copied earlier from Google Workspace when creating the SSO app.

    2. In the Login URL box, enter the SSO URL you copied earlier from Google Workspace when creating the SSO app.

    3. Import the SAML certificate you downloaded earlier from Google Workspace when creating the SSO app.

    4. Click Save to apply changes.

    Configure SSO manually