Welcome guys, this will be the first post relevant to Google Apps for Work. I’ve seen that there are a lot of people out there that would like to setup SSO with Google Apps for Work and they are not informed enough on what does this mean for the users.
Some research has made you interested in implementing Single-Sign-On for your domain in Google Apps for Work.
Just to ensure we’re on the same page, implementing an SSO provider will effectively remove the authentication process from Google’s control and hand it over to your new Identity Provider. This IdP can communicate with Google via the SAML(Security Assertion Markup Language) for the purposes of authenticating any non-Super Admin accounts on your domain. A caveat worth noting is that Super Admin’s will be required to authenticate against Google and will not automatically be redirected to your SSO provider.
# How will this change my users experience?
- Any user accessing service.google.com/a/domain.com will be redirected to your SSO page
- Your users will authenticate (Username and password normally) against the IdP and as long as the authentication is successful, they’ll be relayed back to the Google service they tried to access
# How will this affect support/administration?
- Super Admins will not be affected and will be able to log in via the normal Google process
- Support for SSO is limited to ensuring your IdP is passing back to correct parameters (we can assist with with Capturing a HAR file and debugging it)
- As you’ve delegated authority to your SSO provider away from Google, we are unable to provide support for the deployment of your SSO solution as each solution is unique to your provider
- Since all SSO provider are third party, we’ll regrettably be unable to offer any direct recommendations however you can view a list of known providers at https://en.wikipedia.org/wiki/List_of_single_sign-on_implementations and please do note you may find relief in the apps marketplace at https://apps.google.com/marketplace/search/sso as well as possible support for your new app.
# What are my alternatives?
- Ensure 2Factor Authentication is active on your account a per https://support.google.com/a/answer/184711?hl=en
- Continue to use strong passwords and change them regularly. You also have the option of using a third party password manager application but please note this would not be supported under your Google for Work account.
I hope this information has been helpful, there will be more to come. In the mean time if you have any questions or other info that you think it might be missing from this article, please do not hesitate to leave us a comment.
We’ll get back to you as soon as we can.