Google's instructions on how to set up a New Custom SAML application in the GSuite admin console can be found here:
https://support.google.com/a/answer/6087519?hl=en
Documentation of the information our system will need can be found here:
iLMS - Single Sign-On Generic Setup Steps
Additional Details for GSuite SAML app:
- Identity-Provider Details
- Download metadata from GSuite and upload it Into Inspired Portal under SSO: SAML settings in the Identity-Provider section. (Select the "Import Metadata" radio button to see the upload option.)
- Service Provider Details
- ACS URL (Gsuite) = Endpoint URL (Inspired)
- Entity ID (Gsuite) = Identifier (Inspired)
- For Name ID format pick the identifier for your users, usually email or employee ID.
Make sure the same user unique identifier is set in iLMS. By default iLMS uses email.
If you need to change it to employee ID you can do so here: iLMS Fields and Unique Identifier
- Turn on SAML App after finishing setup
- Ensure the custom application is turned on for all users in GSuite after creation per google's instructions.
- On the Inspired side, make sure the checkbox "Enable Single Signon using SAML (2.0)" is enabled after connection details are populated.
For SSO with GSuite end-users will only be able to access iLMS when initiated from the app created on the GSuite side
(Identity-Provider Initiated access from within the application)
iLMS's service provider initiated SSO link will not work for end-user access with GSuite.
(Identity-Provider Initiated access from within the application)
iLMS's service provider initiated SSO link will not work for end-user access with GSuite.
