Google G Suite
Notes
These instructions are accurate as of October 2017. As Google may make changes to the G Suite user interface at any time you may find that some aspects of this step by step such as button and screen names may not align completely with G Suite. If you notice any misalignment, please let us know so that we can keep these instructions as up to date and accurate as possible.
Step 1 - Configure Skills Base SSO (Part 1)
- Log in to Skills Base as an Administrator
- From the left side of menu, select [Administration > Authentication]
- On the Authentication page in the Identity Providers section, select Add identity provider.
- Click Add to use the default settings.
- In the Application Details panel, next to SAML SP Metadata, select Download XML File and save the resulting file on your computer.
Step 2 - Set up the G Suite App
- Go to the Google Admin Console: https://admin.google.com
- Click “Apps”
- Click “SAML apps”
- Click either “Add a service/App to your domain”, or click the yellow circle with the plus (+) icon in the bottom right-hand corner (depending on which option you see).
- Click “SETUP MY OWN CUSTOM APP” at the bottom of the window
-
Google IdP informationwindow:
- Click the “Download” button next to “IDP metadata”. Save this file for use later and then click “Next”
-
Basic information for your Custom Appwindow:
- For “Application name” enter “Skills Base” and click “Next”
-
Service Provider Detailswindow:
- Using a text editor, open the Skills Base metadata file that you downloaded in step 1 (Note: Not the one you just downloaded from G Suite, but the one you downloaded from Skills Base earlier)
- Look for the tag that starts with: <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
- Copy the URL from the “Location” attribute of the above tag. It should start with https://saml.skills-base.com/....
- Paste the URL you copied into the “ACS URL” field in the “Service Provider Details” window
- Look for the tag that starts with: <md:EntityDescriptor
- Copy the value from the "entityID" attribute of the above tag.
- Paste the value you copied into the “Entity ID” field.
- For the "Start URL” field enter your Skills Base shortcut link which you can get from Admin > Settings in Skills Base
- For name ID select “Basic information” and “Primary Email"
- For “Name ID Format” select “Email”
- Click Next
-
Attribute Mappingwindow:
- Click “Add new mapping” 3 times and complete as follows, before clicking "Finish"
Basic information | Primary Email | |
givenName | Basic information | First Name |
surname | Basic information | Last Name |
Step 3 - Activate the App in G Suite
- Click “Apps”
- Click “SAML apps”
- Next to the Skills Base app, click the three dots on the right hand side and depending on your preference select either “ON for Everyone” or "ON for some organizations".
Step 4 - Configure Skills Base SSO (Part 2)
- Return to Skills Base and select [Administration > Authentication] from the left hand menu.
- In the Identity Providers section, select the edit button (denoted by a pencil icon) for the Identity Provider record you added.
- In the Edit identity provider panel, for SAML IdP Metadata select Upload an XML file
- Click Browse to choose a file. Select the Federation Metadata XML file that you downloaded from G Suite and click Save.
- In the Authentication panel, for Single Sign-On select the Identity Provider you added
- Make sure the option to bypass the Skills Base login screen is deselcted for now. You can enable this option later, once the integration is proved to be working.
- If you would like to enable Just In Time user provisioning, enable the Automatic user account provisioning option.
- click Save changes.
The Identity Provider you added in the Identity Providers panel should now have a green Enabled badge in the Status column.
Accessing Skills Base via Single Sign On
To access Skills Base via G Suite Single Sign On, use your Skills Base shortcut link. You will automatically be redirected to G Suite for authentication.