3min
Google Workspace
BlokSec can be configured to support passwordless login to your Google Workspace.
The BlokSec <> Google Workspace integration enables authentication via the SAML protocol. Configuration involves a few simple steps on both the BlokSec admin UI and the Google Workspace admin console.
BlokSec Admin UI
- Sign into BlokSec admin UI as a user with admin privileges for your tenant
- On the main dashboard, click the Add Application drop-down and select Create From Template, and select Google Workspace
- Complete the application details as follows and submit:
- Name: Google Workspace (or your desired application name – we will assume this is called ‘Google’ for the remainder of this article)
- Entity ID: https://www.google.com/a/<your domain>/acs (for example: https://www.google.com/a/bloksec.com/acs)
- NameID Source: Account name
- Assertion Consumer Service: https://www.google.com/a/<your domain>/acs (for example: https://www.google.com/a/bloksec.com/acs)
- Name ID Format: EmailAddress (keep default value of EmailAddress)
- Click Submit to save the configuration
- Click View Cert and then select Copy. Paste the certificate in a text editor of your choice and save the file as BlokSecGoogleCert.pem
- Make note of the SSO Uri as it will be required when configuring Google Workspace
Google Workspace Admin Console
- Sign into the Google Workspace admin console as a user with admin privileges for your tenant
- Navigate to Security > Setup single sign-on (SSO) with a third party IdP
- Complete the identity provider configuration with the following values (adjusting if required to meet your desired behaviour):
- Sign-in page URL: Copy / enter the SSO Uri noted in step 6 above
- Sign-out page URL: https://mail.google.com/a/<your domain> (for example https://mail.google.com/a/bloksec.com)
- Verification certificate: Upload the certificate file saved in step 5 above
- Click Save to apply the configuration changes
- Send your users the following URL to login via passwordless https://mail.google.com/a/<your domain> (for example https://mail.google.com/a/bloksec.com)