This article explains how to set up SAML-based SSO (Single Sign-On) between CMNTY Platform and G-Suite (Google), where G-Suite will be your Identity Provider and CMNTY Platform will be your Service Provider. This works with corporate Google accounts (which are part of G-Suite), not regular Gmail accounts.
Configuring the identity provider (G-Suite)
- Log into the admin console of your G-Suite apps account.
- Choose Apps within the menu.
- Choose SAML Apps
- Click on the + icon at the bottom.
- A modal will open. Select “Setup my own custom app”.
- Copy the SSO URL and the Entity ID to a text file; you will need both when configuring CMNTY Platform.
- Save the certificate on your computer and click “Next”.
- Fill in the name of your Platform.
- Fill in a description and upload a logo to be displayed to your users [optional].
- Fill in the ACS URL and the Entity ID (the base URL of your platform).
- Set the Name ID format to persistent.
- If your platform is https://yourplatform.cmnty.com, the Entity ID (base URL) is that address; a screenshot of the completed form for this example sits at this point in the article.
- You can set some mapping details/values. CMNTY Platform requires that you set User.Username and User.Email.
- You can map extra profile fields (for example another profile field such as a job title) to CMNTY Platform [optional].
- Click finish.
- You can now activate this app for everyone within your organization. Click on the menu icon and click “On for everyone.”
You are now done configuring G-Suite.
Configuring the service provider (CMNTY Platform)
- In the CMNTY Platform admin, go to Integrations > SAML.
- Activate SSO and activate Shared Login.
- Put the SSO URL you copied earlier from G-Suite into the Login Endpoint field.
- Put the Entity ID you copied from G-Suite into the Issuer URL field.
- The logout endpoint can be left empty, since G-Suite does not support SLO (Single Logout).
- Open the certificate you downloaded earlier with a plain-text editor such as TextEdit (OSX) or Notepad (Windows) and copy the whole contents of that file into the Certificate field.
- Finally, map the additional profile data, which we called User.Title: fill in User.Title as the Identity Provider Field and select Job Title in the profile drop-down.
- Click Save.
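The settings entered above (Issuer URL, Entity ID as audience, persistent Name ID, and the User.Username, User.Email and User.Title mappings) are exactly what the service provider must check on every assertion it receives. The following Python script is an added example, not CMNTY Platform or Google code, showing those checks over a constructed assertion; the issuer value, the `job_title` profile key and the `check_assertion` helper are assumed names, and the XML signature check against the downloaded certificate is assumed to be done by the platform's SAML library and is not reproduced here.

```python
"""Validate a SAML 2.0 assertion against the settings from this guide.

Added example, not CMNTY Platform or Google code. It performs the checks a
service provider makes before trusting an assertion: the Issuer matches the
configured Issuer URL, the Audience matches the Entity ID (base URL), the
Conditions window is current, the NameID Format is persistent, and the
required attributes User.Username and User.Email are present. Signature
verification is assumed to happen in the platform's SAML library.
"""
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
REQUIRED_ATTRS = ("User.Username", "User.Email")
# Optional IdP field -> profile field mapping, as configured in the guide
# (User.Title -> Job Title). The key "job_title" is an assumed name.
PROFILE_MAP = {"User.Title": "job_title"}


class SamlValidationError(ValueError):
    """Raised when the assertion must not be trusted."""


def _parse_time(value):
    # SAML timestamps are UTC xs:dateTime values such as 2024-05-01T10:00:00Z
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_assertion(xml_text, expected_issuer, expected_audience, now):
    """Return the mapped profile for a valid assertion, otherwise raise."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % NS["saml"]:
        raise SamlValidationError("root element is not a saml:Assertion")

    issuer = (root.findtext("saml:Issuer", namespaces=NS) or "").strip()
    if issuer != expected_issuer:
        raise SamlValidationError("issuer %r does not match configured Issuer URL" % issuer)

    cond = root.find("saml:Conditions", namespaces=NS)
    if cond is None or not cond.get("NotBefore") or not cond.get("NotOnOrAfter"):
        raise SamlValidationError("missing Conditions window")
    if not _parse_time(cond.get("NotBefore")) <= now < _parse_time(cond.get("NotOnOrAfter")):
        raise SamlValidationError("assertion is outside its validity window")

    audiences = [a.text.strip() for a in
                 cond.findall("saml:AudienceRestriction/saml:Audience", namespaces=NS) if a.text]
    if expected_audience not in audiences:
        raise SamlValidationError("audience %r does not include our Entity ID" % audiences)

    name_id = root.find("saml:Subject/saml:NameID", namespaces=NS)
    if name_id is None or name_id.get("Format") != PERSISTENT or not name_id.text:
        raise SamlValidationError("NameID is missing or not persistent")

    # Collect the first value of every attribute the IdP sent
    attrs = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", namespaces=NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", namespaces=NS)]
        attrs[attr.get("Name")] = values[0].strip() if values else ""
    missing = [name for name in REQUIRED_ATTRS if not attrs.get(name)]
    if missing:
        raise SamlValidationError("required attributes missing: %s" % ", ".join(missing))

    profile = {"name_id": name_id.text.strip(),
               "username": attrs["User.Username"], "email": attrs["User.Email"]}
    for idp_field, profile_field in PROFILE_MAP.items():
        if attrs.get(idp_field):
            profile[profile_field] = attrs[idp_field]
    return profile


def check_assertion(xml_text, expected_issuer, expected_audience, now):
    """Non-raising wrapper: (profile, None) on success, (None, reason) on failure."""
    try:
        return validate_assertion(xml_text, expected_issuer, expected_audience, now), None
    except (ValueError, ET.ParseError) as exc:
        return None, str(exc)


# Constructed sample values; the issuer is a placeholder, not a real IdP.
SAMPLE_ISSUER = "https://idp.example.test/saml2"
SAMPLE_AUDIENCE = "https://yourplatform.cmnty.com"
SAMPLE_NOW = datetime(2024, 5, 1, 10, 0, tzinfo=timezone.utc)
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-sample" Version="2.0" IssueInstant="2024-05-01T10:00:00Z">
  <saml:Issuer>https://idp.example.test/saml2</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">abc123</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-05-01T09:55:00Z" NotOnOrAfter="2024-05-01T10:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://yourplatform.cmnty.com</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="User.Username"><saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="User.Email"><saml:AttributeValue>jdoe@example.test</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="User.Title"><saml:AttributeValue>Analyst</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    print(check_assertion(SAMPLE_ASSERTION, SAMPLE_ISSUER, SAMPLE_AUDIENCE, SAMPLE_NOW))
    # The same assertion presented an hour later falls outside its window
    print(check_assertion(SAMPLE_ASSERTION, SAMPLE_ISSUER, SAMPLE_AUDIENCE, SAMPLE_NOW.replace(hour=11)))
```

The validity-window and audience checks are the reason the Entity ID must be entered identically on both sides: an assertion issued for a different base URL, or one presented after its NotOnOrAfter time, is rejected even though its issuer and attributes are correct.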
Testing
You have now configured G-Suite with CMNTY Platform correctly. Do note, however, that it can take up to an hour before G-Suite has propagated the changes you made to its servers.
There are two ways to initiate the actual login.
- You can use a service provider initiated flow by clicking the “Login with SAML” button on the login page.
- You can click the “Launch” button in the G-Suite Apps setup at the top right corner to perform the identity provider initiated flow.
Usage
If everything works correctly, you can disable Shared Login. From then on, people can only access the platform by logging in through G-Suite. Before you disable it, make sure that everything works as expected and that at least one user is a Community Manager with access to the admin.
Users can easily navigate to your CMNTY Platform by opening up the App Drawer on any Google page and clicking on the application you created earlier.