Google interconnection

Google interconnection • LockSelf

Configuring the Google connector


Interconnecting the LockSelf application with an identity federation is done through the SAMLv2 protocol. It is therefore possible to interconnect the application with your Google enterprise account.

Creating the connector

  1. Log in to your Google admin interface in the Applications section: https://admin.google.com/ac/apps/unified
  2. Click "Add an application", then "Add a custom SAML application".

    Screenshot_2022-02-15_at_11.10.27_AM.png
  3. Set a name for the connector, usually "LockSelf". Add a description and a logo if you wish.

    Screenshot_2022-02-15_at_11.12.51_AM.png
  4. The next step has already been completed in Step 1 of this documentation. You can click "Continue" directly.
  5. Fill in the fields related to the application:
    1. ACS URL: corresponds to the Assertion Consumer Service URL, i.e. the response URL
      1. https://FQDN/saml2/response
    2. Entity ID: corresponds to the URL of the application's metadata.
      1. https://FQDN/saml2/metadata
    3. Start URL: corresponds to the sign-on URL for your users.
      1. https://FQDN/?sso

(where FQDN replaces the domain name of your LockSelf installation).

Regarding the Name ID, it will be used as the main identifier in LockSelf.

  • For the Name ID format, choose "Transient"
  • For the Name ID, choose "Basic Information > Primary email"

The last step consists of mapping the attributes, i.e. specifying the user attributes that will be sent to the application.

  • Primary Email: mail
  • First name: firstname
  • Last name: lastname

Screenshot_2022-02-15_at_12.08.09_PM.png

Then click "Finish".


Allowing users to access the application

This step consists of choosing which users or groups of users can access the connector, and therefore the application.

To do this, click the "User access" block.

Screenshot_2022-02-15_at_12.13.16_PM.png

Then choose the authorized users / groups.

Screenshot_2022-02-15_at_12.15.36_PM.png


Checking the connection

Once these steps are completed, you will be able to test the connector:

  • Step 1: To test properly, open a private browsing window and go to the URL of your infrastructure (https://FQDN/?sso). If you use the browser extension, click the gear wheel, then "Clear cache".
  • Step 2: On the SSO tab, enter your email in the displayed field or click the "Log in" button directly.
  • Step 3: At this step, you will be redirected to your organization's Google SSO portal where you can authenticate.
  • Step 4: Once authenticated, you will be redirected to LockSelf, which will ask you to create the PIN code associated with your account.

Updating the connector

An update of the token signing/encryption certificates must sometimes be performed on the Google connector.

In this case, you will need to update the new IdP metadata file, in the Settings tab of the Administrator account, on the SSO module. To do this, see this documentation: Configuring the SSO interconnection.

Updated