This article is an add-on to our SAML configuration guide, supplementing the process described there with specific details and additional information unique to configuring SAML for the G Suite SAML 2.0 app connector in OneLogin's app catalog.

Configuring OneLogin's G Suite App Connector

Check out this two-part video training series for a full overview of connecting G Suite with OneLogin.

Watch Now

Configuration

Domain

Enter your primary G Suite domain.

API Connection

If you have not previously granted Google authentication access as part of the provisioning process, click Authenticate now and sign in with your Google admin account. Once successfully authenticated, a Clear Token option will appear. Clear your OAuth token as necessary to reauthenticate with the G Suite Directory API. If you're clearing the token because of security concerns, you should also delete the old token from G Suite.

SSO

Automatic configuration

1. Configure any parameters necessary and assign the app to your own OneLogin account, then Save the app connector and toggle on Enable automatic SAML configuration.

   

2. Follow the prompts in the One Click dialog that appears to complete configuration.

   

3. Click Verify to test the configuration. If successful, you're signed directly into G Suite in a new tab.

   If you do not have a G Suite account or the Verify prompt does not appear, you can manually test the connection by assigning the app to a test user and attempting to launch G Suite from this user's OneLogin portal in an alternate browser.

Manual configuration

Copy your OneLogin SSO values to their corresponding fields in G Suite:

Tip! Google supports partial SSO, enabling you to configure the app connector for only certain organizational units (OUs) in G Suite, which can be useful for fine-tuning your security requirements as well as testing your connection with a test OU rather than an individual test user. See the Google documentation for more information on configuring partial SSO.