In order for your students and faculty to enjoy seamless single sign-on (SSO) with their Google Workspace accounts, we'll need to configure a few things.
itopia Labs provides a secure Single Sign-On provider for Google Workspace. Students and instructors use their Google identity to log into the Labs Student Portal. When they launch their Labs session, the remote desktop is automatically logged into their Google account by using Labs' SSO provider.
In order to enable this functionality, your Google Workspace organization must be configured to redirect authentication requests to the Labs SSO provider. Google currently allows this redirection to be applied universally to all authentication requests or to be scoped to only redirect requests that come from a specific IP address range.
To support seamless SSO for Labs session, itopia Labs requires you to configure Google Workspace SSO Integration to use the Labs SSO provider as a scoped provider; that is, only authentication requests that come from itopia Labs' public IP range will be forwarded to the Labs SSO provider. All other authentication requests will be handled by Google.
IMPORTANT: Google Workspace only supports configuring a single external identity provider (IdP) for their SSO integration. If you are already using another third-party IdP platform, you will be unable to add the Labs SSO provider and your students will have to authenticate their Google accounts when they access their remote desktops.
Configure Google Workspace for the Labs SSO Provider
You can configure your Google Workspace environment with the settings below. These settings and values can are also displayed directly on the Single sign-on (SSO) configuration screen.
- Log into the Labs Admin Console (labs-admin.itopia.com) as a user with Editor or Owner rights to the District.
- If you are not at the District Dashboard already, navigate there: click the name of the currently-selected School in the top-left corner and click the Manage District link.
- In the District Dashboard, locate the Workspace Configuration card. In the Single Sign-On Integration section, click the Configuration button.
- Enable the option Enable SSO integration with Google Workspace.
- Click the Download button to download a copy of the Labs SSO provider SSL certificate. You will need to upload this certificate to your Google Workspace organization in the steps below.
- In a separate browser tab, log into the Google Workspace Admin Console (admin.google.com) as an Organization Owner. Navigate to Security » Set up single sign-on (SSO) with a third-party IdP. You may also use this link to navigate there directly: Google Workspace - Single sign-on (SSO) with third-party identity providers (IDPs)
- In the section labeled SSO profile for your organization, click the Edit (pencil) icon; you may need to hover your mouse over this section for the icon to appear.
- Check the box labeled Set up (SSO) with a third-party identity provider.
- Provide the following values:
- Sign-in page URL:
- Sign-out page URL:
- Verification certificate: Upload the certificate you downloaded in Step 6.
- Network masks:
- Change password URL: <leave blank>
- Sign-in page URL:
- Click Save.
- Return to the browser tab that has the Labs Admin Console. Click Save.