To use Google as an identity provider, you must set up a SAML app. If you are a G Suite admin, you can access the SAML Apps page via the admin console under the Apps -> SAML Apps menu. Follow these steps to set up your OneCloud SAML app:
From here, click the “+” button to add a new SAML application. A modal should pop up, and you can click the link called “Setup my own custom app” at the bottom.
A wizard menu will appear here, giving you two options. Under “Option 2”, click “Download” to download the identity provider metadata. Keep this file for later, as you will need to upload it into the OneCloud platform to complete the process.
Click "Next", and you will be taken to a screen to fill out some basic information about the application. Enter “OneCloud” as the name, then click "Next" to go to the next step.
This step asks for service provider details. You will need values from the OneCloud application in order to complete this step, so in OneCloud, navigate to the Admin -> Users & Groups -> SAML section. At the top, you’ll see your company SAML token. This value will be required for the “ACS URL” field. Use the following values for the fields in this step:
- ACS URL: https://app.onecloud.io/saml/consume/YOUR_SAML_TOKEN (NOTE: be sure to replace YOUR_SAML_TOKEN with the value from the above step)
- Signed Response: Check this box
- Name ID: Basic Information / Primary Email
- Name ID Format: EMAIL
Once you have filled out the form, click "Next" to navigate to the final step.
The final section asks for attribute mapping. OneCloud expects two fields: firstName and lastName. Add the following attributes, noting the capitalization of “firstName” and “lastName”:
- firstName / Basic Information / First Name
- lastName / Basic Information / Last Name
Google states that adding the application may take up to 24 hours to propagate to all users, so you may not be able to use the application right away.
From there, your setup should be complete. The only thing that remains is to enable the SAML application. Click the menu on the right, and choose either “ON for everyone” or “ON for some”.
You will now be able to enter OneCloud using the Start URL provided in the form earlier. Note that you will no longer be able to use OneCloud via a username and password if SSO is enabled for your account.
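To confirm that the app sends what the steps above configure, the following added example (not OneCloud's or Google's code) checks a decoded SAML response for a response-level signature element, the ACS URL as Destination, the EMAIL Name ID format, and the exact capitalization of firstName and lastName. The sample response and the EXAMPLE_TOKEN value are constructed placeholders, and the signature check only tests that the element is present; it does not verify the signature.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
REQUIRED_ATTRIBUTES = ("firstName", "lastName")  # case-sensitive, per the steps above

def check_response(xml_text, acs_url):
    """Return a list of mismatches between a decoded SAML response and the settings above."""
    root = ET.fromstring(xml_text)
    problems = []
    # A signed response carries a ds:Signature as a direct child of samlp:Response.
    # Presence check only: this does not verify the signature.
    if root.find("ds:Signature", NS) is None:
        problems.append("response is not signed")
    if root.get("Destination") != acs_url:
        problems.append("Destination does not match the ACS URL")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID format is not EMAIL")
    elif "@" not in (name_id.text or ""):
        problems.append("NameID is not an email address")
    names = {a.get("Name") for a in root.iterfind(".//saml:Attribute", NS)}
    for wanted in REQUIRED_ATTRIBUTES:
        if wanted in names:
            continue
        lookalike = next((n for n in names if n and n.lower() == wanted.lower()), None)
        hint = f" (found '{lookalike}', wrong capitalization)" if lookalike else ""
        problems.append(f"missing attribute '{wanted}'{hint}")
    return problems

# Constructed sample: unsigned response whose first attribute is mis-capitalized.
ACS_URL = "https://app.onecloud.io/saml/consume/EXAMPLE_TOKEN"  # placeholder token
SAMPLE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    Destination="{ACS_URL}"><saml:Assertion><saml:Subject>
  <saml:NameID Format="{EMAIL_FORMAT}">jane@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="FirstName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="lastName"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement></saml:Assertion></samlp:Response>"""

if __name__ == "__main__":
    for problem in check_response(SAMPLE, ACS_URL):
        print("MISMATCH:", problem)
```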