Versions Compared

Old Version 1

changes.mady.by.user Vladimir Mencl

Saved on

compared with

New Version Current

changes.mady.by.user Vladimir Mencl

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: use member-owned URLs for entityIDs

...

  • The entityID of the Hosted IdP instance.  This will likely be (with example.org replaced by your organisations domain):
    • for Tuakiri-TEST: https://hostedidp-login.test.tuakiri.ac.nz/hosting/example.org/idp/shibboleth
    • for Tuakiri (Production): https://hosted-login.tuakiri.ac.nz/hosting/idp.example.org/idp/shibboleth
  • The assertion consumer service (ACS) URL:
    • for Tuakiri-TEST: https://hosted-login.test.tuakiri.ac.nz/hosting/example.org/idp/profile/Authn/SAML2/POST/SSO
    • for Tuakiri (Production): https://hosted-login.tuakiri.ac.nz/hosting/example.org/idp/profile/Authn/SAML2/POST/SSO
  • Super-administrator privileges in your Google Apps / GSuite account.

...

  1. From the Admin console Home page, go to Apps and then Web and mobile apps.

  2. Click Add App and then Add private SAML app (can be also labelled Setup my own custom app) - do not select an application from the list.

  3. On the App Details page, enter:

    • Name: <Your organisation> Tuakiri Login
    • Logo (optionally, may not be shown): upload your organisation's logo as the app icon
    • Click Continue 

  4. You should be presented with a Google IdP Information  screen.  Please download the IdP metadata and click Continue  (or Next )

  5. On the Service Provider Details screen:

    • Enter the ACS URL and Entity ID as per above

    • Leave Start URL blank
    • Tick the Signed Response checkbox
    • For NameID: select  Basic InformationEmail 
    • For NameIDFormat: select emailAddress
    • Click Continue 

  6. On the Attribute Mapping page, select all available information - this should at the very least include:

    SAML Attribute NameCategorySource Attribute
    emailBasic InformationPrimary Email
    givenNameBasic InformationFirst Name
    surnameBasic InformationLast Name

    and if desired can also include e.g.:

    SAML Attribute NameCategorySource Attribute
    phoneNumberContact InformationPhone Number
    addressContact InformationAddress

    When the mapping is complete, click Finish.

  7. You also need to Enable the app for your users.
    • From the Admin console Home page, go to Apps and then Web and mobile apps and then select your just registered app.
    • Click User access.
    • Click On for everyone and then click Save.

...