Skip to main content
Sign in

Google GSuite SAML Integration

Ryan Barnes
  • Updated

Digital Campus / Google GSuite SAML Integration

Use the SAML Service Provider Metadata XML file provided by Swank to import our configuration into your SAML Provider. You can download the file here.

 

Step 1 – Configure Google SAML Application

  1. Sign into the Google Admin Console (admin.google.com)
  2. Navigate to Apps / SAML Apps
  3. Click the + Sign to Add a new Application
    mceclip0.png
  4. Select “SETUP MY OWN CUSTOM APP”
    mceclip0.png
  5. Google IdP information - Select Option 2 Download IDP metadata. This file will be used in Step 2 of setting up the application in Digital Campus.
    mceclip1.png
  6. Basic Information - Enter “Digital Campus” for the Application Name and Click Next.
    mceclip3.png
  7. Service Provider Details - Enter the following:
    1. ACS URL = https://digitalcampus.swankmp.net/saml/ReceiveSingleSignOn
    2. Entity ID = https://digitalcampus.swankmp.net
      1. (When copying and pasting this info, make sure there is no trailing "/" or spaces on the G suite side. This will result in errors)
    3. Check Signed Response
    4. Name ID = Basic Information / Primary Email
    5. Name ID Format “UNSPECIFIED”
      mceclip0.png
  8. Attribute Mapping - Add Attribute Mappings for role setup in Digital Campus.   Each field will return the associated user data values from GSuite to Digital Campus.   In the Example below, we are mapping the following fields:

     mceclip0.png
    Note:  Department, Job Title and Cost Center may be very useful to distinguish Students from Instructors in the Role Mapping of Digital Campus.   These fields are in the Employee Details Category in GSuite.

  9. Once complete your application should be complete.
    mceclip6.png
  10. In Google Admin Return to the Apps / SAML Apps screen to Enable the Digital Campus App for your users.
    1. Click the menu icon to the right of the application:
      mceclip8.png
    2. Select “ON for Everyone” or “ON for Some” to Select the users this application will be available for.
      mceclip7.png
  11. Confirm Selection for Enabling the Application to users.
    mceclip9.png

Step 2 – Configure Digital Campus SAML Authentication

  1. Log Into your Digital Campus portal and select the Admin section (e.g.: https://digitalcampus.swankmp.net/[your site ID]/admin )
  2. Before proceeding further, if you do not see "SAML External" in the left menu under Authentication, You will need to request your Authentication mode be changed to SAML. Please ask your Account Manager to revise this, then proceed as follows
    mceclip0.png
  3. Select Authentication / SAML External
    1. Select Load Settings
      mceclip10.png
    2. Click the Select button and Choose the Google IdP xml File downloaded in the Step 1.5 and then Save. This will populate the majority of the data we need in the Digital Campus application.
      mceclip11.png
    3. Signon Tab - Confirim SingleSignOnServiceUrl = Google AD Login Url and uncheck: WantAssertionSigned, and WantAssetionEncrypted.   WantAssertionOrResponseSigned is checked.mceclip1.png
    4.  Miscellaneous Tab - Confirm PartnerName/EntityID = Google Entity IDmceclip2.png
      mceclip3.png
    5. Certificates Tab -Confirm Partner Certificate was loaded.
      mceclip16.png
    6. Save Settings - Click “Save all Settings” before proceeding.
      mceclip17.png
    7. Test Login Attributes Tab / Test
      mceclip18.png
      1. This should trigger the SAML authentication and once complete lands on the site with this screen:
        mceclip19.png
    8. Close the browser and then Log back into the Digital Campus Portal Admin section
    9. You should now see the SAML Test Results:
      mceclip20.png
      We should now be ready to configure roles.

    10. Configure Roles 
      1. Roles Tab / Click Add Role
      2. Enter the SAML Role Mapping that you want to use from Test Results.
        *Please note: The SAML Attribute and Swank Role Name must match exactly and mapping is case sensitive. 

        *K12 Example with multiple permission requirements: 
        - Map email domain (Example: @k12digitalmovies.com) to Basic User role 
        - departments of "Science" and "Math" to Instructor Role
        - job-title of "Professor" to Instructor Role
        mceclip0.png

        *For VIRTUAL SCREENINGS, only User level permission is required. We find most schools can use a single role mapping the email attribute to the entire email domain(s). Example below: 
        Name = primary-email
        Value = @schooldomain.edu (replace this with your school's actual email domain. "@" needs to lead the domain)
        Role = User



      3. Click Save all settings
        mceclip22.png


You can also use any other attribute mappings like Department or Job Title to link users to roles within Digital Campus.

               

                You should now be able to test all these login combinations on the site.

 

If you are receiving errors from Google when performing these tests, please refer to the following SAML app error messages link:  https://support.google.com/a/answer/6301076?hl=en

Related articles

Comments

0 comments

Article is closed for comments.

Powered by Zendesk