Document toolboxDocument toolbox

Nexus Documentation
CURL vulnerability information (CVE-2023-38545) - Nexus awareness advisory on Microsoft's update KB5014754

Set up access to G-suite applications with Digital Access as identity provider

Owned by Karolin Hemmingsson (Unlicensed)
Last updated: Jan 30, 2024 by Josefin Klang (Deactivated)
3 min read

This article describes how to enable multi-factor authentication to the G-suite applications from Google. The configuration is done in two steps: first in Smart ID Digital Access component, and then in Google admin console. 

  • Deployed Digital Access component, see Deploy Digital Access component

  • User accounts and authentication methods configured. See also: Set up Smart ID authentication.

  • Access rule (called for example Google Apps) set up that requires strong authentication, with for example Smart ID Mobile App as authentication method.

  • Details for SAML federation:

    • Signing certificate for the SAML identity provider

    • EntityID for the service provider and identity provider

    • Redirect URL for the service provider

Configure G-Suite in Digital Access

In Digital Access, do the settings needed for the G-suite applications from Google.

  1. Log in to Digital Access Admin with an administrator account.

  1. Go to Manage system > Certificates

  2. Scroll down to Registered Server Certificates

  3. Verify that the certificate to be used is available, for example: idp-cert.

  1. Go to Manage Resource Access > SAML Federation.

  2. Click Add SAML Federation...

  3. Enter a Display Name, for example Google IDP.

  4. Check Acting as Identity Provider.

  5. Uncheck Import metadata automatically, since Google doesn’t use metadata as service provider.

  6. Go to the Export tab.

  7. Give a unique Entity ID: for example https://nexusville.com/cloudidp.

  8. Select the Signing Certificate, for example idp-cert.

  1. Go to the Role Identity Provider tab. 

  2. Add a service provider, to tell Digital Access where the Google Service Provider is located:
    Click Add Service Provider…

  3. Verify that SAML 2.0 is checked. Click Next >

  4. Do General Settings, for example enter a Display Name. The Entity ID must be unique within the federation. The Service Provider URL is where the IDP will redirect the user after successful authentication, so this must be an exact match with the google domain.

    Click Next >

  5. Set email as the unique identifier for the user, since that is what Google uses. This is used when Digital Access sends a SAML ticket to Google.
    In Subject > Select source of subject: select E-mail. The Manage Access Rules window opens.

  6. Select the already created access rule (for example called Google Apps), to define what authentication methods are allowed:
    In Available Access Rules: select Google Apps, and click Add >

  7. Click Finish Wizard to finish creating the Service Provider G Suite.

  8. Click Add to add the SAML Federation Google IDP. 

Configure in Google admin console

Set up Google to use Digital Access as a third-party identity provider.

Related information





Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.
Contact Nexus | https://www.nexusgroup.com | Disclaimer | Terms & Conditions