Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here

Skyhigh Security

Google Suite - Integrate SSO with PING IDP

This procedure describes how to integrate Single Sign-On (SSO) with PING IDP.

Prerequisites

Make sure you have the following items before integrating SSO with PING IDP:

  • Admin access to Google Suite portal (https://gsuite.google.com).
  • Admin access to Pingone portal (https://admin.pingone.com).
  • Access to Skyhigh CASB tenant and existing Google Drive managed service. (Focusing mainly on G Drive app from G Suite.)
  • Access to Ping SSO with G Suite as third-party IDP.
  • Download the SP Certificate from Set up single sign-on (SSO) under Security.
    • To download the SP Certificate, click DOWNLOAD CERTIFICATE.
      clipboard_eebbb51a4bea72922b2903f9258f02c3b.png
  • Download the IDP Certificate from Ping admin under the existing G Suite application.
    • To download the IDP Certificate, click Download next to Signing Certificate.
      clipboard_eb84caacd0fcfc8832f3139ad6d3746e2.png

Setup the SSO Integration via Proxy

Perform the following activities to achieve the SSO Integration via Proxy:

Step 1: Configure Proxy in Skyhigh CASB

  1. Login to Skyhigh CASB to configure SAML setup for the existing G Drive managed service.
  2. To set up SAML, click managed G Drive instance and select Setup > Configure.
  3. Under Upload Identity Provider Certificate, upload the IDP Certificate and click Next.
  4. Under Provide Service Provider Certificate, upload the SP Certificate and click Next.
  5. Download Proxy Certificate and save it in your local folder.

Step 2: Configure SP in G Suite Portal

  1. Login to the G Suite admin portal to configure SP.
  2. Choose Security > Set up single sign-on (SSO) to go to the SSO page.
  3. Scroll to Setup SSO with the third party identity provider and to upload the Proxy Certificateclick Replace certificate.
  4. Replace the existing IDP Certificate (added as part of the SSO setup) with Proxy Certificate.
    clipboard_e8b51c180e3d80dae02ee0d00625c91d0.png

Step 3: Configure IDP in Pingone Portal

  1. Login to the Pingone admin portal to access the existing G Suite application.
  2. To update the Connection Configuration, click Edit > Continue to Next Step.
  3. Under the Connection Configuration, change the ACS URL as listed:

Step 4: Validate the SSO Integration with Proxy

The SSO Integration with Proxy is completed. To verify the result of the SSO integration, perform the following activities:

  1. Go to https://gsuite.google.com and log in using your custom domain. Select the target app as Drive.clipboard_ed3be3fee4a9d40ee475ccdfea647f25d.png
  2. Click GO. You are navigated to the Ping Sign-On page. Provide your valid IDP credentials to get authenticated.
    clipboard_ed29915145d53cfac00c6c982c872c46f.png
  3. Click Sign On. You are redirected successfully to the G Drive application. Check the address bar to confirm the access is via proxy.
    clipboard_ec7a108cf84d92cb09bfa6c2a0d7c77f4.png
    The address bar concludes that the SSO configuration via proxy is successful for Google Drive with Ping IDP.

NOTE: The configuration changes may take some time to reflect. So wait for 10 to 15 minutes before testing the proxy integration.

  • Was this article helpful?