Google Connector Configuration
Connecting the LockSelf application to an identity federation is done via the SAMLv2 protocol. It is therefore possible to connect the application to your company Google account.
Creating the connector
- Log in to your Google admin interface in the Applications section: https://admin.google.com/ac/apps/unified
- Click on "Add application", then "Add custom SAML application".
- Define a name for the connector, generally "LockSelf". Add a description and a logo if you wish.
- The next step has already been completed in Step 1 of this documentation. You can click directly on "Continue".
- Fill in the fields related to the application:
  - ACS URL: Corresponds to the Assertion Consumer Service URL, i.e., the response URL.
  - Entity ID: Corresponds to the application metadata URL.
  - Start URL: Corresponds to the login URL for your users.
(where FQDN replaces the domain name of your LockSelf installation).
Regarding the Name ID, it will be used as the primary identifier in LockSelf.
- For the Name ID format, choose "Transient"
- For the Name ID, choose "Basic Information > Primary email"
The last step is to map the attributes, i.e., specify the user attributes that will be sent to the application.
- Primary Email: mail
- First name: firstname
- Last name: lastname
Then click "Finish".
Allow users to access the application
This step consists of choosing which users or user groups can access the connector, and therefore the application.
To do this, click on the "User access" block.
Then choose the authorized users / groups.
Verify the connection
Once these steps are completed, you will be able to test the connector:
- Step 1: To test correctly, open a private browsing window and go to your infrastructure URL (https://FQDN/?sso). If you are using the browser extension, click on the gear icon, then on "Clear cache".
- Step 2: On the SSO tab, enter your email in the displayed field or click directly on the "Sign in" button.
  - If this does not work, click on the gear icon in the top right corner of the login page and verify that the API URL field ends with /api/ after the dedicated domain name. For example: https://votreentreprise.lockself-cloud.com/api/, https://lockself.votreentreprise.com/api/, etc.
- Step 3: You will be redirected to your organization's Google SSO portal where you can authenticate.
- Step 4: Once authenticated, you will be redirected to LockSelf, which will ask you to create the PIN code associated with your account.
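If the test fails after Step 3, it helps to confirm that Google is actually sending what was configured above. The following is an added example, not part of the LockSelf documentation: it assumes you have copied the base64 `SAMLResponse` form field posted to the ACS URL from your browser's developer tools, and it checks the Name ID format and the `mail`, `firstname` and `lastname` attributes. The function names and the sample user are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
REQUIRED = ("mail", "firstname", "lastname")  # attribute names from the mapping step

def check_mapping(saml_response_b64):
    """List mapping problems in a base64 SAMLResponse. Does NOT verify the signature."""
    raw = base64.b64decode(saml_response_b64)
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        return ["DTD present, refusing to parse"]  # SAML messages carry no DTD
    root = ET.fromstring(raw)
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None:
        return ["no NameID found (assertion missing or encrypted)"]
    problems = []
    if name_id.get("Format") != TRANSIENT:
        problems.append(f"NameID format is {name_id.get('Format')}, expected transient")
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        attrs[attr.get("Name")] = (value.text or "").strip() if value is not None else ""
    for name in REQUIRED:
        if not attrs.get(name):
            problems.append(f"attribute '{name}' missing or empty")
    # Name ID and 'mail' are both mapped to the primary email, so they should match.
    if attrs.get("mail") and (name_id.text or "").strip() != attrs["mail"]:
        problems.append("NameID does not match the 'mail' attribute")
    return problems

def sample_response(fmt, attrs, name_id="alice@example.com"):
    """Build a constructed, unsigned SAMLResponse (test data only)."""
    rows = "".join(
        f'<saml:Attribute Name="{k}"><saml:AttributeValue>{v}</saml:AttributeValue></saml:Attribute>'
        for k, v in attrs.items())
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
        f'<saml:Subject><saml:NameID Format="{fmt}">{name_id}</saml:NameID></saml:Subject>'
        f'<saml:AttributeStatement>{rows}</saml:AttributeStatement>'
        '</saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    good = sample_response(TRANSIENT, {"mail": "alice@example.com", "firstname": "Alice", "lastname": "Martin"})
    print(check_mapping(good) or "mapping OK")
```

An empty list means the response matches the connector settings; a captured response contains personal data and should be discarded after the check.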
Update the connector
A signing certificate / token encryption update sometimes needs to be performed on the Google connector.
In this case, you will need to upload the new IdP metadata file in the SSO module, under the Settings tab of the Administrator account. For this, refer to this documentation: SSO Interconnection Configuration.