Setting up Google SSO with Kazoo!

Currently, Kazoo does not have a pre-integrated app within Google SSO’s cloud app integrations list.
As this is the case, a new app will need to be created by an administrator in order to connect Google SSO with Kazoo.

Requirements

  • Google SSO account
  • Kazoo subdomain
  • User with admin access to both Google SSO and YEI

***Important Note:*** If users will be accessing mobile app, please ensure that configuration allows access to SSO connections outside of the company’s network.

Step 1

Setting up the app

  • Login to a Google account with Administrator access

  • From the Admin console Home page, go to Apps and then SAML Apps. To see Apps on the Home page, you might have to click More controls at the bottom.

  • Click the plus (+) icon in the bottom corner.

  • Click Set up my own custom app.

  • The Google IDP Information window opens and the Single Sign-On URL and the Entity ID URL fields automatically populate.

  • Collect the service provider Setup information and provide the IDP Metadata file to your YEI Customer Success representative.

  • In the Basic Application Information window, add an application name and description.

(Optional) Click Choose file next to the Upload Logo field to upload a PNG file to serve as an icon. The file size should be 256 x 256 pixels.

  • In the Service Provider Details window, add the following:

ACS URL: https://subdomain.youearnedit.com/saml/acs)

Entity ID: subdomain.youearnedit.com
Note: DO NOT include http:// or https:// prior to subdomain as it will prevent users from being able to log in.

  • The ACS URL and the Entity ID are provided by your Kazoo Customer Support representative. Note: Google setup instructions request a start url. Our app does not need the start url at this time

  • Set Signed Response to true.

  • Click Next. (Optional) Click Add new mapping and enter a new name for the attribute you want to map. Note: You can define a maximum of 500 attributes over all apps. Because each app has one default attribute, the total amount includes the default attribute plus any custom attributes you add.

  • In the drop-down list, select the Category and User attributes to map the attribute from the Google profile. Note: Make sure that Name ID and Name ID Format are both set to: email as Employee ID cannot be used for attribute mapping.

  • Click Finish.

Step 2

Connecting your App

  • From the Admin console Home page, go to Apps and then SAML Apps. To see Apps on the Home page, you might have to click More controls at the bottom.

  • Select your new SAML app.
  • At the top right of the gray box, click Edit Service Compose.
  • At the left, the top-level organization and any organizational units appear.

Note: Ensure that your user account email IDs match those in the domain for your Google service.

Step 3

Testing

  • Open the single sign-on URL for your new SAML app. You should be automatically redirected to the sign-in page.
  • Enter your sign-in credentials.
  • After your sign-in credentials are authenticated you will be automatically redirected back to your new SAML app.

Note: If your Identity Provider is encrypting your SAML Assertion, disable this encrypting and ensure that the Assertion is sent to Google in an unencrypted format so that it is readable by your Google service.

Resource: https://support.google.com/a/answer/6087519?hl=en