To set up Google Workspace (G Suite) SSO with CirQlive MEETS, please perform the following steps.
- Go to the Google Workspace Admin Console. Click on Apps > Google Workspace>Web and mobile apps>Add App>Add custom and SAML app
- Give the app a name and click "Continue".
- There are two ways to retrieve the IdP information for Google Workspace:
- Option 1 is to download the IdP metadata
Option 2 is to copy the SSO URL, entity ID and certificate Click "Continue"
- To enter this data in MEETS, go to the Authentication tab in your MEETS Admin Panel. Enter a name for the new service, choose SAML as the authentication method, and click the "+" icon to add the service.
- Depending on the way you retrieved the IdP information (see point 3 above), do the following:
a. If you downloaded the metadata (option 3.a.):
- Choose the option of "import Identity Provider metadata". Upload the file.
- A window will pop up, and choose the HTTP-Redirect, and click “Import"
- All the data will automatically be added into the fields
- Click “Save”
b. If you copied the IdP metadata (option 3.b.):
- Upload the Public Key (or open it with notepad, and copy the Public Key info into the PK field)
- Manually copy the IdP ID, and the Identity Provider primary Sign On from the Google IdP information page
- Click “Save”
6. On the Service Provider Details page, choose email as the Name ID Format, and get the ACS URL and the Entity ID from the MEETS IdP page. (On the MEETS page, after clicking Save you will see the button for "Show Service Provider immutable settings"). Click “Continue”.
7. In Attribute Mapping, add a new mapping > fill in the attribute of name_first, as Basic information, for the field of First Name > and fill in the attribute of name_last, as Basic information, for the field of Last Name. The names need to match the attribute fields from MEETS (see point 7 above and following screenshot).
Click on "Finish"
8. Go back to the Google Admin to the IdP app you added. Edit the service, turn the service on for everyone, and save.9. Go to the MEETS admin. > First, on the Sitewide Settings, test the connection. > Second, on the per connection settings, click on the name of the Authentication source to enable the SSO connection for that instance.