The SDO service allows users secure, password-free access to Google's Workspace service. Users are able to log into the console by authorizing the connection through an app on their phone. This article provides the steps needed to enabled the SDO service for Google Workspace.
Important Note: Users that are designated with Super Administrator permissions in Workspace will automatically bypass all Single Sign-On configurations. As a result, all Super Administrators will need to log in with their normal Google Workspace usernames and passwords, and will not use SDO for authentication.
Enabling SDO for Google Workspace
- 1. In the Control Panel, click on My Services from the left-hand menu.
- Click on the Secret Double Octopus vendor band to expand it.
- Under the expanded vendor band, click on the Services tab.
- Click on the Edit button for Google Workspace
- Select your primary domain from the Domain drop-down field.
- Click the Enable Google G-Suite button.
- Click on the Service Metadata tab.
- The Service Metadata page will show the Login and Logout URLs for your SDO authentication connection. Record these URLs, as they will be used to set up Google Workspace for SDO access.
- Copy the contents of the X.509 Certificate text box.
- Open a text editor such as Notepad and paste the copied X.509 Certificate text.
- Under the File menu, select Save As, and save the file with a to .pem file extension
- Save the file to an easily found location on your computer (a drive root will be the easiest to reference).
Setting up the Workspace account for SDO Authentication.
- Log into your Workspace Admin account
- From the Google Admin menu, click on Security.
- In the Security page, click on "Set up single sign-on (SSO) with a third party IdP"
- Check the box labelled Set up SSO with third-party identity provider.
- In the Sign-in page URL, enter the Login URL you recorded in step 8 of the previous section.
- In the Sign-out page URL, enter the Logout URL you recorded in step 8 of the previous section.
- Click the Upload Certificate link
- Navigate to and select the .pem file you saved in step 12 of the previous section, and click Open.
- Click Save at the bottom of the page.
- Return to the Control Panel, and click the Configuration tab in the Secret Double Octopus Configuration window.
- Enter your GSuite domain name in the G Suite Domain field.
- Enter the SSO URL field in the format "https://www.google.com/a/<your GSuite domain>/ServiceLogin?continue=https://mail.google.com"
- Click the Save button
The Workspace service is now enabled for authentication through SDO. When a user logs into the Workspace/Gmail portal with their username, they will be automatically redirected to the SDO Authentication page, which will trigger login authorization through the SDO Authenticator app.