This document describes how you can configure SAML Single Sign-On Authentication in Team Password Manager using Google as the Identity Provider (IdP). Read the SAML Authentication document to learn how SAML Authentication works in Team Password Manager.
Follow these steps:
1. Log into Google's admin console: https://admin.google.com
2. Click on Apps, and then SAML apps.
3. Click on the "Add App" dropdown and select "Add custom SAML app".
4. Enter the app name (e.g. Team Password Manager) and logo. You can use our logo, located here, if you want: https://teampasswordmanager.com/assets/img/public/teampasswordmanager.jpg. Then click "Continue".
5. Enter the Identity Provider details in your installation of Team Password Manager:
5.1 Log into your installation of Team Password Manager and go to Settings (top menu), then "SAML Authentication". Enable SAML Authentication if it's not enabled. Then click on "Edit Identity Provider SAML Settings".
5.2 Copy the "SSO URL" value in the Google IdP details and paste it in the "Single Sign On URL" field in Team Password Manager.
5.3 Copy the "Entity ID" value in the Google IdP details and paste it in the "Entity Id" field in Team Password Manager.
5.4 Leave the "Single Logout Service URL" field in Team Password Manager blank.
5.5 Copy the "Certificate" value in the Google IdP details and paste it in the "Certificate" field in Team Password Manager.
5.6 Click on "Save" in Team Password Manager and "Continue" in the Google console.
6. Copy the Service Provider (Team Password Manager) details to Google:
6.1 Copy the "Entity Id" value in the "Service Provider Settings" in Team Password Manager to the "Entity ID" field in Google.
6.2 Copy the "Assertion Consumer Service URL" value in the "Service Provider Settings" in Team Password Manager to the "ACS URL" field in Google.
6.3 In Google, select "EMAIL" in the "Name ID format" field.
6.4 Click "Continue" in Google.
7. Click "Finish" in the "Attributes" screen in Google (nothing to do in this screen).
8. You'll be taken to the app screen in Google. You need to turn on the service status. To do so, click on "OFF for everyone" in the app screen.
Then turn it "ON for everyone" and save.
SAML authentication for Google is now configured. To test, do this:
- Make sure you have an Admin/IT normal user in Team Password Manager. If anything goes wrong you'll be able to log in normally.
- Create a SAML user in Team Password Manager, using an email address that matches an email address of a user in your Google account.
- Log out of Team Password Manager and Google.
- Click on "Sign In via SAML" in Team Password Manager. You'll be taken to the Google login screen and you'll need to authenticate using the email address of the user just created in Team Password Manager.
- If all goes well, you'll automatically log into Team Password Manager.
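If the test login fails, the values copied in steps 5 and 6 can be compared against the base64 SAMLResponse form field that the browser posts to the ACS URL. The following is an added example, not part of Team Password Manager or Google; the function name, all URLs, the idpid and the email address are constructed placeholders, and the sample response deliberately has the wrong Name ID format.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def check_response(b64_response, idp_entity_id, sp_entity_id, acs_url, saml_user_emails):
    """List mismatches between a captured SAMLResponse and the configured values.
    Diagnostic only: it does not verify the XML signature or time conditions."""
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    if root.get("Destination") != acs_url:
        problems.append("Destination differs from the ACS URL (step 6.2)")
    if root.findtext("a:Assertion/a:Issuer", "", NS).strip() != idp_entity_id:
        problems.append("Issuer differs from the IdP Entity ID (step 5.3)")
    audience = root.findtext(".//a:AudienceRestriction/a:Audience", "", NS).strip()
    if audience != sp_entity_id:
        problems.append("Audience differs from the SP Entity Id (step 6.1)")
    name_id = root.find("a:Assertion/a:Subject/a:NameID", NS)
    if name_id is None:
        return problems + ["Assertion has no NameID"]
    if name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID format is not EMAIL (step 6.3)")
    # Compared case-insensitively here; that is a choice of this example.
    known = {e.strip().lower() for e in saml_user_emails}
    if (name_id.text or "").strip().lower() not in known:
        problems.append("NameID matches no SAML user email in Team Password Manager")
    return problems

# Constructed sample: every URL, the idpid and the address are placeholders.
IDP_ENTITY_ID = "https://accounts.google.com/o/saml2?idpid=PLACEHOLDER"
SP_ENTITY_ID = "https://tpm.example.com/sp-entity-id"
ACS_URL = "https://tpm.example.com/acs"
SAMPLE_XML = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="{ACS_URL}">
  <saml:Assertion>
    <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">alice@example.com</saml:NameID>
    </saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>{SP_ENTITY_ID}</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

if __name__ == "__main__":
    for p in check_response(SAMPLE_B64, IDP_ENTITY_ID, SP_ENTITY_ID, ACS_URL, ["alice@example.com"]):
        print("MISMATCH:", p)
```

An empty result only means the fields line up with the configuration; whether the response is accepted still depends on the signature check against the certificate pasted in step 5.5.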
May 5, 2021: Document created