SSO for Gmail
Overview
Akku, developed by CloudNow Technologies, is a robust Identity & Access Management (IAM) solution designed to streamline user provisioning, access management, and activity monitoring throughout the user lifecycle. It offers administrators the tools to efficiently manage user privileges and ensure data security in cloud environments. With Akku, organizations can confidently embrace cloud technology while maintaining compliance with standards and regulations. Its comprehensive features enable seamless onboarding, secure authentication, a single point-of-access to all applications, enforcement of access policies, and monitoring of user activity to detect and respond to security threats effectively while enhancing the user experience significantly. By prioritizing data security, privacy, and compliance, Akku provides users with peace of mind while improving overall productivity. With its flexible and scalable architecture, Akku is well-equipped to meet the evolving needs of modern organizations in managing their identity and access requirements.
Introduction
Gmail SAML with Akku provides a secure and reliable method for authenticating users. To set it up, you'll need a G Suite domain, an Akku account, and the G Suite SAML Integration feature enabled. First, configure your Akku instance by adding the Gmail SAML app and specifying the required fields. Then, grant Aku permission to access your G Suite domain. Next, set up the SAML request URL and authentication URL in your Akku instance. Finally, test your integration to ensure seamless authentication for your users.
Configure Gmail Settings on Akku
The steps listed below provide instructions on Adding the Application app from the QuickLaunch App Store and Configuring SAML SSO to the added Application app
Login to Akku Administration Console
Login to the Administration Console of Akku using your tenant url (e.g. clientname.akku.work).
Navigate to App Management and Search for Gmail
Navigate to App Management and search for Gmail
Define Client Type and Client ID
Select SAML click on General Settings and define the Client Type and Client ID
Define Login Settings & Advance Settings
Configure the following URLs for Gmail SAML integration:
Home URL
https://mail.google.com/a/clientdomainurl/
Valid redirect URL
https://www.google.com/a/clientdomainurl/acs
Valid redirect Logout URL
https://accounts.google.com/Logout
Master SAML Processing URL
https://accounts.google.com/Logout
Assertion Consumer Service POST Binding URL
https://www.google.com/a/clientdomainurl/acs
Assertion Consumer Service Redirect Binding URL
https://www.google.com/a/clientdomainurl/acsGenerate the PEM File
Click on View Certificate download the certificate add the below lines at the beginning and the end of the certificate and save the file with the .pem extension.
Beginning of the File
-----BEGIN CERTIFICATE-----
[Your Certificate Content Here]
End of the File
-----END CERTIFICATE-----Save the Settings
Save the settings.
Configuring SAML Settings in Gmail
Configure Gmail with SAML settings from Akku
Navigate to SSO Settings
Login to admin.google.com using administrative credential and navigate to "SSO with Third Party IdP" under "Security".
Enable SSO with Third-Party IdP
Enable "Set up SSO with third-party Identity Provider" and design Sign-In and Sign-Out URL.
Upload Certificate
Upload Certificate Under "Verification Certificate" Settings.
Enable Automatic Redirects
Navigate to "Domain-specific" service URLs and enable "Automatic redirects" as shown below.
Save Gmail Settings
Save the settings.
Functional Testing
Test the Gmail SAML SSO integration
Navigate to Akku Tenant
Navigate to your tenant url (e.g. clientname.akku.work)
Login with Credentials
Log in with a valid username and password.
Launch Gmail from Applications Wall
Launch Gmail from the wall of applications.
Access Gmail Mailbox
Click on the Gmail icon and the same should take you straight to your mailbox.
