Configuring SAML on G Suite
To configure SAML, log in to your G Suite administrator account:
- In the Admin console, select Apps > SAML apps > Add a service/App to your domain.
- In the Enable SSO for SAML Application page, select SETUP MY OWN CUSTOM APP.
- In the Google IdP Information page, download the Certificate and IDP metadata. Select Next.
- In the Basic information for your Custom App page, enter an Application Name and, optionally, a Description and a logo (Upload logo). Select Next.
- In the Service Provider Details page, set the ACS URL, Entity ID, and Start URL. These are the ACS (login) URL, Entity ID, and Portal URL from the FortiAuthenticator Edit SAML Portal Settings window. Select Next.
- In the Attribute Mapping page, add the FirstName, LastName, Email, and Memberof user attributes.
The Department setting for Memberof must match the FortiAuthenticator saml_users group.
- Check that the application is ON for everyone.
Go to the user's Account information and ensure that the Employee details section includes Department. Set Department to the same name as the FortiAuthenticator saml_users user group.
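The following is an added example, not part of the original guide or of Fortinet's or Google's tooling: a diagnostic that checks a decoded SAML assertion for the four mapped attributes and confirms that Memberof carries the expected group. The assertion fragment is constructed sample data, the function name is hypothetical, and exact (case-sensitive) matching of attribute names is an assumption.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Attribute names taken from the Attribute Mapping step above.
REQUIRED = ("FirstName", "LastName", "Email", "Memberof")

# Constructed sample: an AttributeStatement as it might appear in a decoded SAML response.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="FirstName"><saml:AttributeValue>Ana</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="LastName"><saml:AttributeValue>Example</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="Email"><saml:AttributeValue>ana@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="Memberof"><saml:AttributeValue>saml_users</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def check_attribute_mapping(assertion_xml, expected_group):
    """Return a list of problems; an empty list means the mapping looks right.

    Diagnostic only: this does not validate the assertion signature.
    """
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", SAML_NS)]
        attrs[attr.get("Name")] = values
    problems = []
    for name in REQUIRED:
        if name not in attrs:
            # Assumption: names are compared exactly, so flag near misses such as "MemberOf".
            near = [n for n in attrs if n and n.lower() == name.lower()]
            hint = f" (found {near[0]!r}; check the spelling and case)" if near else ""
            problems.append(f"missing attribute {name}{hint}")
        elif not any(attrs[name]):
            # An empty value usually means the mapped directory field is unset for the user.
            problems.append(f"attribute {name} is empty")
    groups = attrs.get("Memberof", [])
    if any(groups) and expected_group not in groups:
        problems.append(f"Memberof {groups} does not match group {expected_group!r}")
    return problems

if __name__ == "__main__":
    for line in check_attribute_mapping(SAMPLE_ASSERTION, "saml_users") or ["attribute mapping OK"]:
        print(line)
```

An empty Memberof value typically points to a user whose Department field is not set, and a mismatch points to a Department value that differs from the FortiAuthenticator group name.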