McAfee Enterprise MVISION Cloud

Google Suite SSO Integration with Azure AD (IdP) via Proxy

This procedure describes how to integrate Single Sign-On (SSO) with Azure Active Directory (IdP) via Proxy.

Prerequisites 

Make sure you have the following items before integrating SSO with Azure AD (IdP) via proxy:

Download SP Certificate

  1. Log in to the G Suite admin portal to download the SP Certificate.
  2. Go to Security > Set up single sign-on (SSO) for SAML applications and click DOWNLOAD CERTIFICATE.
  3. Download the SP Certificate and save it in your local folder. The SP Certificate is used to configure the proxy in MVISION Cloud.

Download IdP Certificate

  1. Log in to the Azure AD portal to download the IdP Certificate.
  2. Go to Enterprise application > Google Cloud App > Single Sign-on > SAML Signing-Certificate and click Download next to Certificate (Base64).
  3. Download the IdP Certificate and save it in your local folder. The IdP Certificate is used to configure the proxy in MVISION Cloud.

Configure the SSO Integration via Proxy

Perform the following steps to achieve the SSO Integration via Proxy:

Step 1: Configure Proxy in MVISION Cloud

  1. Log in to MVISION Cloud to configure the SAML setup for the existing G Drive managed service.
  2. To set up SAML, click the managed G Drive instance and select Setup > Configure.
  3. Under Upload Identity Provider Certificate, upload the IdP Certificate and click Next.
  4. Under Provide Service Provider Certificate, upload the SP Certificate and click Next.
  5. Download the Proxy Certificate and save it in your local folder. The Proxy Certificate is used to configure SP in the G Suite portal.
  6. Add skip.saml.redirect.sig.qs.param to the G Drive Service Card and set the value as true.

Step 2: Configure SP in G Suite Portal 

  1. Log in to the G Suite admin portal to configure SP.
  2. Choose Security > Set up single sign-on (SSO) to go to the SSO page.
  3. Scroll to Setup SSO with the third party identity provider and replace the Sign-in page URL with the link: https://www.google.com.gsuite.gdrive.sivaqaar.devshn.net/domain-access?shnsaml-request=https%3A%2F%2Flogin.microsoftonline.com%2Ffcbf8387-fe12-4fb9-a3ed-440e79fa75ee%2Fsaml2
  4. To upload the Proxy Certificate, click REPLACE CERTIFICATE.
  5. Replace the existing IdP Certificate with Proxy Certificate.

Step 3: Configure IdP in Azure AD Portal

  1. Log in to the Azure AD admin portal.
  2. Go to Enterprise application > Google Cloud App > Single Sign-on > SAML-based Sign-on.
  3. Click the pencil icon to edit Basic SAML Configuration and configure the following:
    • Change the Reply URL (Assertion Consumer Service URL) with the link: https://www.google.com.gsuite.gdrive.sivaqaar.devshn.net/a/awesomeworks.in?shnsaml
    • Change the Sign on URL with the link: https://www.google.com.gsuite.gdrive.sivaqaar.devshn.net/a/awesomeworks.in/ServiceLogin?continue=https://drive.google.com
    • Save the Basic SAML Configuration and click Test.

NOTE: Before proxy integration, you should choose a functional SSO setup between Azure AD and G Suite. The above screenshots may vary for the user attributes and claims depending on your SSO setup.
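
The URLs entered in Step 2 and Step 3 can be checked for consistency before they are saved. The following is an added example, not code from McAfee or from the product; the function name and the rules it enforces are assumptions inferred from this page's example URLs (https everywhere, one proxy host across all three URLs, `shnsaml-request` wrapping the Azure AD endpoint, `continue` on a google.com host).

```python
from urllib.parse import parse_qs, urlsplit

# URLs as given in Step 2 and Step 3 of this page.
SIGN_IN_URL = ("https://www.google.com.gsuite.gdrive.sivaqaar.devshn.net/domain-access"
               "?shnsaml-request=https%3A%2F%2Flogin.microsoftonline.com"
               "%2Ffcbf8387-fe12-4fb9-a3ed-440e79fa75ee%2Fsaml2")
REPLY_URL = "https://www.google.com.gsuite.gdrive.sivaqaar.devshn.net/a/awesomeworks.in?shnsaml"
SIGN_ON_URL = ("https://www.google.com.gsuite.gdrive.sivaqaar.devshn.net"
               "/a/awesomeworks.in/ServiceLogin?continue=https://drive.google.com")
IDP_HOST = "login.microsoftonline.com"  # assumption: IdP host taken from the page's URL


def check_proxy_sso_urls(sign_in, reply, sign_on, idp_host=IDP_HOST):
    """Hypothetical helper: return a list of findings (empty means consistent)."""
    findings = []
    urls = {"sign-in": urlsplit(sign_in), "reply": urlsplit(reply),
            "sign-on": urlsplit(sign_on)}
    for name, parts in urls.items():
        if parts.scheme != "https":
            findings.append(f"{name} URL is not https")
    # All three must name the same proxy host, or part of the flow skips the proxy.
    hosts = sorted({parts.hostname or "" for parts in urls.values()})
    if len(hosts) != 1:
        findings.append(f"URLs point at different hosts: {hosts}")
    # Sign-in URL: shnsaml-request wraps the real IdP endpoint, percent-encoded.
    wrapped = parse_qs(urls["sign-in"].query).get("shnsaml-request", [])
    if len(wrapped) != 1:
        findings.append("sign-in URL needs exactly one shnsaml-request parameter")
    else:
        idp = urlsplit(wrapped[0])  # parse_qs has already percent-decoded it
        # Exact host match: a suffix or substring test would accept look-alikes.
        if idp.scheme != "https" or idp.hostname != idp_host:
            findings.append(f"shnsaml-request is {wrapped[0]!r}, expected https://{idp_host}/...")
    # Reply URL: the page's value carries a bare 'shnsaml' flag in the query string.
    if "shnsaml" not in parse_qs(urls["reply"].query, keep_blank_values=True):
        findings.append("reply URL lacks the shnsaml query flag")
    # Sign-on URL: 'continue' is the post-login destination (assumed to be a Google host).
    target = parse_qs(urls["sign-on"].query).get("continue", [""])[0]
    host = urlsplit(target).hostname or ""
    if not target.startswith("https://") or not (host == "google.com" or host.endswith(".google.com")):
        findings.append(f"continue target {target!r} is not an https google.com URL")
    return findings


if __name__ == "__main__":
    for finding in check_proxy_sso_urls(SIGN_IN_URL, REPLY_URL, SIGN_ON_URL) or ["consistent"]:
        print(finding)
```
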

Step 4: Validate the SSO Integration with Proxy 

The SSO Integration with Proxy is completed. To verify the result of the SSO integration, perform the following activities:

  1. Log in to https://apps.office.com as a non-admin user.
  2. Click the Google Cloud application.
  3. You are redirected to Google Drive (or other applications as per the configuration) automatically.

NOTE: The configuration changes in Azure AD and Google Suite may take some time to take effect, so wait 10 to 60 minutes before testing the proxy integration.
