Setting Up Integration with Google Workspace Using SAML

Note: The IDP version 1.2-71 is required for integration with Google Workspace.

Step 1. Choose a Brand

  1. Enable the Identity Service.
  2. Select an existing brand for which you plan to set up the integration, for example, "mybrand.com".

Step 2. Create a SAML Application in Google Workspace

  1. Go to Google Workspace, select SAML apps and click Add App.
  2. Choose Add custom SAML app and specify its name as "oss-brand-<brand domain>".
  3. On the Google Identity Provider detail step, copy and save SAML Metadata details, which you will use later:
    • SSO URL
    • Certificate
    • Entity ID
  4. On the Service provider details step, enter the following values:

    Parameter        Value
    Entity ID        https://<brand_domain>/auth/realms/sr<brand_id>
    ACS URL          https://<brand_domain>/auth/realms/sr<brand_id>/broker/saml/endpoint
    Signed response  Select this checkbox
    Name ID format   EMAIL
    Name ID          Basic Information > Primary email


    Where: <brand_id> is the brand identifier in CloudBlue Commerce.

  5. On the Attribute mapping step, define a custom unique attribute for the user log-in name in CloudBlue Commerce and map it to the Google Directory attribute (for example, cbc-login and Primary email).
  6. Click the User access tile and make this app available for users by selecting ON for everyone.

Step 3. Configure External IDP Service

  1. Log in to the PCP, then go to Services > Identity Service.
  2. In the External IDP Service tab, select a brand.
  3. Check the External IDP service enabled checkbox and specify these parameters:

    Parameter                                       Example                                                  Notes
    External IDP Login URL                          https://accounts.google.com/o/saml2/idp?idpid=C00tc2cu4  The SSO URL value from Step 2
    External IDP Logout URL                         https://accounts.google.com/o/saml2/idp?idpid=C00tc2cu4  The SSO URL value from Step 2
    External IDP display name                       Google Workspace                                         A human-readable name
    External IDP certificate in PEM format          -----BEGIN CERTIFICATE-----                              The Certificate value from Step 2
                                                    <...> ....
                                                    -----END CERTIFICATE-----
    External IDP username SAML assertion attribute  cbc-login                                                The custom attribute value from Step 2

Step 4. Create a User

Now you can create a user in CloudBlue Commerce. The user log-in name must be equal to the value of the SAML assertion attribute specified as External IDP username SAML assertion attribute in the previous step.

Important: Users are not created automatically; they must be created beforehand in CloudBlue Commerce.
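
To check the Step 2 and Step 3 values against what Google actually sends, the following added example (not part of the original page or of CloudBlue Commerce) decodes a SAMLResponse captured from your own test login and lists the settings that do not match. The function names, the brand id 1 and the sample user are constructed assumptions. The check is diagnostic only: it does not verify the XML signature and does not replace the service provider's validation.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def check_response(b64_response, brand_domain, brand_id, login_attr="cbc-login"):
    """List mismatches between a captured SAMLResponse and the Step 2/3 settings.
    Diagnostic only: the XML signature is NOT verified here."""
    entity_id = f"https://{brand_domain}/auth/realms/sr{brand_id}"
    acs_url = f"{entity_id}/broker/saml/endpoint"
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    if root.get("Destination") != acs_url:
        problems.append(f"Destination does not match ACS URL {acs_url!r}")
    # With "Signed response" selected, ds:Signature is a direct child of samlp:Response.
    if root.find("ds:Signature", NS) is None:
        problems.append("Response element carries no signature; check 'Signed response'")
    if entity_id not in [a.text for a in root.iterfind(".//saml:Audience", NS)]:
        problems.append(f"Audience does not contain Entity ID {entity_id!r}")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID is missing or its format is not EMAIL")
    path = f".//saml:Attribute[@Name='{login_attr}']/saml:AttributeValue"
    values = [v.text for v in root.iterfind(path, NS)]
    if len(values) != 1 or not values[0]:
        problems.append(f"Expected exactly one non-empty {login_attr!r} attribute, got {values!r}")
    return problems

def constructed_sample(dest, audience, attr_name, signed=True):
    """Build a minimal constructed response; the signature is an empty placeholder."""
    sig = f'<ds:Signature xmlns:ds="{NS["ds"]}"/>' if signed else ""
    xml = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
           f'Destination="{dest}">{sig}<saml:Assertion><saml:Subject>'
           f'<saml:NameID Format="{EMAIL_FORMAT}">jane@mybrand.com</saml:NameID></saml:Subject>'
           f'<saml:Conditions><saml:AudienceRestriction><saml:Audience>{audience}'
           f'</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
           f'<saml:AttributeStatement><saml:Attribute Name="{attr_name}">'
           f'<saml:AttributeValue>jane@mybrand.com</saml:AttributeValue></saml:Attribute>'
           f'</saml:AttributeStatement></saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    realm = "https://mybrand.com/auth/realms/sr1"  # brand id 1 is a constructed value
    good = constructed_sample(realm + "/broker/saml/endpoint", realm, "cbc-login")
    print(check_response(good, "mybrand.com", 1))
    print(check_response(constructed_sample(realm, realm, "email", signed=False), "mybrand.com", 1))
```

An empty list means the response matches the configured Entity ID, ACS URL, Name ID format and log-in attribute; the attribute value it carries is the log-in name the CloudBlue Commerce user must have.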