Google Workspace

BlokSec can be configured to support passwordless login to your Google Workspace.

The BlokSec <> Google Workspace integration enables authentication via the SAML protocol. Configuration involves a few simple steps on both the BlokSec admin UI and the Google Workspace admin console.

BlokSec Admin UI

  1. Sign into BlokSec admin UI as a user with admin privileges for your tenant
  2. On the main dashboard, click the Add Application drop-down and select Create From Template, and select Google Workspace
  3. Complete the application details as follows and submit:
    • Name: Google Workspace (or your desired application name – we will assume this is called ‘Google’ for the remainder of this article)
    • Entity ID: https://www.google.com/a/<your domain>/acs (for example: https://www.google.com/a/bloksec.com/acs)
    • NameID Source: Account name
    • Assertion Consumer Service: https://www.google.com/a/<your domain>/acs (for example: https://www.google.com/a/bloksec.com/acs)
    • Name ID Format: EmailAddress (keep default value of EmailAddress)
  4. Click Submit to save the configuration
  5. Click View Cert and then select Copy. Paste the certificate in a text editor of your choice and save the file as BlokSecGoogleCert.pem
  6. Make note of the SSO Uri as it will be required when configuring Google Workspace

Google Workspace Admin Console

  1. Sign into the Google Workspace admin console as a user with admin privileges for your tenant
  2. Navigate to Security > Setup single sign-on (SSO) with a third party IdP
  3. Complete the identity provider configuration with the following values (adjusting if required to meet your desired behaviour):
    • Sign-in page URL: Copy / enter the SSO Uri noted in step 6 above
    • Sign-out page URL: https://mail.google.com/a/<your domain> (for example https://mail.google.com/a/bloksec.com)
    • Verification certificate: Upload the certificate file saved in step 5 above
    • Click Save to apply the configuration changes
  4. Send your users the following URL to login via passwordless https://mail.google.com/a/<your domain> (for example https://mail.google.com/a/bloksec.com)

Updated 21 Mar 2022
Did this page help you?