In order for your students and faculty to enjoy seamless single sign-on (SSO) with their Google Workspace accounts, we'll need to configure a few things.
itopia CloudApps Classroom provides a secure Single Sign-On provider for Google Workspace. Students and instructors use their Google identity to log into the CloudApps Student Portal. When they launch their CloudApps session, the remote desktop is automatically logged into their Google account by using CloudApps' SSO provider.
In order to enable this functionality, your Google Workspace organization must be configured to redirect authentication requests to the CloudApps SSO provider. Google currently allows this redirection to be applied universally to all authentication requests or to be scoped to only redirect requests that come from a specific IP address range.
To support seamless SSO for CloudApps session, itopia CloudApps requires you to configure Google Workspace SSO Integration to use the CloudApps SSO provider as a scoped provider; that is, only authentication requests that come from itopia CloudApps' public IP range will be forwarded to the CloudApps SSO provider. All other authentication requests will be handled by Google.
IMPORTANT: Google Workspace only supports configuring a single external identity provider (IdP) for their SSO integration. If you are already using another third-party IdP platform, you will be unable to add the CloudApps SSO provider and your students will have to authenticate their Google accounts when they access their remote desktops.
Configure Google Workspace for the CloudApps SSO Provider
You can configure your Google Workspace environment with the settings below. These settings and values can are also displayed directly on the Single sign-on (SSO) configuration screen.
- Log into the CloudApps Admin Console (labs-admin.itopia.com) as a user with Editor or Owner rights to the District.
- If you are not at the District Dashboard already, navigate there: click the name of the currently-selected School in the top-left corner and click the Manage District link.
- In the District Dashboard, locate the Workspace Configuration card. In the Single Sign-On Integration section, click the Configuration button.
- Enable the option Enable SSO integration with Google Workspace.
- Click the Download button to download a copy of the CloudApps SSO provider SSL certificate. You will need to upload this certificate to your Google Workspace organization in the steps below.
- In a separate browser tab, log into the Google Workspace Admin Console (admin.google.com) as an Organization Owner. Navigate to Security » Set up single sign-on (SSO) with a third-party IdP. You may also use this link to navigate there directly: Google Workspace - Single sign-on (SSO) with third-party identity providers (IDPs)
- In the section labeled SSO profile for your organization, click the Edit (pencil) icon; you may need to hover your mouse over this section for the icon to appear.
- Check the box labeled Set up (SSO) with a third-party identity provider.
- Provide the following values:
- Sign-in page URL:
- Sign-out page URL:
- Verification certificate: Upload the certificate you downloaded in Step 6.
- Network masks:
- Change password URL: <leave blank>
- Sign-in page URL:
- Click Save.
- Return to the browser tab that has the CloudApps Admin Console. Click Save.
Please sign in to leave a comment.