Configuring G Suite
Note: These instructions pertain to Step 2 of the overall identity provider process.
To configure G Suite as your identity provider for Prysm, you need to complete the two sets of interrelated steps below.
Configuring G Suite to work with Prysm
Follow these steps:
- Navigate to the Google API Console (https://console.developers.google.com/projectselector/apis/library?pli=1).
- In the project list, select your project.
If you haven’t created a project, create one by clicking Create a new project.
- In the left panel, click Credentials, and then click the OAuth consent screen tab.
Tip: You can leave the Optional fields blank, because they aren't needed for integration with Prysm.
- Complete the fields on the OAuth consent screen tab.
- Click Save.
- Click the Credentials tab.
- Click Create credentials > OAuth client ID.
- Under Application type, select Web application.
- In the Name field, enter the name of the service provider.
- In the Authorized redirect URIs field, enter the string from the Callback URL field in Prysm Admin Portal. (See Step 6 of your Prysm configuration.)
- Click Create.
The OAuth Client dialog box appears.
- Copy the Client ID and the Client Secret. Keep them for Steps 7 and 8 of your Prysm configuration.
Configuring Prysm to work with G Suite
Follow these steps:
- Impersonate the account you want to configure.
- In Admin Portal, click Identity Provider.
- On the Identity Providers page, set the Enable SSO toggle to On.
- In the Identity Provider field, select G Suite.
When you select G Suite, the Protocol field is automatically set to OAuth 2.0.
- In the Auto Provisioning field, set the toggle to Off.
Warning: Currently, Auto Provisioning must be Off for G Suite integrations, because G Suite does not support role mapping.
- In the Callback URL field, verify that the URL matches the URL you entered in the Authorized Redirect URIs field in Step 10 of your G Suite configuration.
- In the Client ID field, enter the ID that you copied from the Client ID field in G Suite’s settings (see Step 12 of your G Suite configuration).
- In the Client Secret field, enter the text that you copied from the Client Secret field in G Suite’s settings (see Step 12 of your G Suite configuration).
- In the Scope field, enter the Google APIs that retrieve the user’s profile and email (separated by a comma). For example:
https://www.googleapis.com/auth/userinfo.profile, https://www.googleapis.com/auth/userinfo.email
- If the Auto-Provisioning toggle is set to On, the PAS User Field Name field is automatically set to IdP Attribute Name when a user is auto-provisioned.
Also, the First Name and Last Name fields are set to the parameters that contain a user’s first name and last name.
- In the Enforce SSO field, set the toggle to On or Off.
On: When Enforce SSO is On, users can sign in only one way — with their G Suite credentials.
Off: When Enforce SSO is Off, users can sign in two ways — with their G Suite credentials or with their Prysm credentials.
Warning: Before you change this setting and click Save in the next step, be sure to test your IdP configuration with at least one user. If you click Save to convert all your users to IdP authentication without testing, and something in your configuration is not correct, you can lock all users out of their accounts.
- Click Save.
- To ensure a successful identity provider integration, move on to Step 3 and complete the entire Process for Configuring Identity Providers.
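A pre-save check of the values entered in the two procedures above, written as an added example that is not part of Prysm's or Google's documentation. The function names and the sample callback URL are constructed for illustration, and the URL it builds is a standard Google OAuth 2.0 authorization-code request for a single test sign-in, which is assumed rather than known to match the exact request Prysm sends.

```python
import secrets
from urllib.parse import urlencode, urlsplit

GOOGLE_AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"
EXPECTED_SCOPES = {
    "https://www.googleapis.com/auth/userinfo.profile",
    "https://www.googleapis.com/auth/userinfo.email",
}

def parse_scope_field(scope_field):
    """Split the comma-separated Scope field into a clean list."""
    return [s.strip() for s in scope_field.split(",") if s.strip()]

def check_config(callback_url, authorized_redirect_uris, scope_field):
    """Return a list of problems; an empty list means the values agree."""
    problems = []
    if urlsplit(callback_url).scheme != "https":
        problems.append("callback URL is not https")
    # Google compares redirect URIs as exact strings: case, port and
    # trailing slash all matter.
    if callback_url not in authorized_redirect_uris:
        problems.append("callback URL is not among the authorized redirect URIs")
    scopes = set(parse_scope_field(scope_field))
    for missing in sorted(EXPECTED_SCOPES - scopes):
        problems.append("missing scope: " + missing)
    for extra in sorted(scopes - EXPECTED_SCOPES):
        problems.append("scope beyond profile/email: " + extra)
    return problems

def build_test_auth_url(client_id, callback_url, scope_field, state=None):
    """Build an authorization-code request for a single test sign-in."""
    state = state or secrets.token_urlsafe(16)  # unguessable anti-CSRF value
    params = {
        "client_id": client_id,
        "redirect_uri": callback_url,
        "response_type": "code",
        "scope": " ".join(parse_scope_field(scope_field)),  # space-delimited on the wire
        "state": state,
    }
    return GOOGLE_AUTH_ENDPOINT + "?" + urlencode(params), state

# Constructed sample values; the real ones come from the two consoles.
SAMPLE_CALLBACK = "https://prysm.example.com/sso/callback"
SAMPLE_SCOPE_FIELD = ("https://www.googleapis.com/auth/userinfo.profile, "
                      "https://www.googleapis.com/auth/userinfo.email")

if __name__ == "__main__":
    print(check_config(SAMPLE_CALLBACK, [SAMPLE_CALLBACK + "/"], SAMPLE_SCOPE_FIELD))
    print(build_test_auth_url("CLIENT_ID_PLACEHOLDER", SAMPLE_CALLBACK, SAMPLE_SCOPE_FIELD)[0])
```

An empty list from check_config means the values in the two consoles agree; resolve any reported item before setting Enforce SSO to On.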