Google Workspace (formerly G Suite) as Identity Provider
- Log in to Google Workspace.
- Go to Apps > Web and mobile apps.
- Click Add app > Add custom SAML app.
- Provide App name and Description.
- Upload the App icon and click Continue.
- On the displayed page, download the certificate under Option 2 (refer to the below image).
In ServiceDesk Plus, go to Admin > Users & Permissions > SAML Single Sign On.
- Under Configure Identity Provider Details, provide the SSO URL of Google Workplace as Login URL.
- Set Algorithm as RSA_SHA256.
- Upload the Certificate.
Go to your Google Workspace account,
- On the Google Identity Provider details page, click Continue.
- On the Service provider details page, paste the Assertion Consumer URL and Entity ID from ServiceDesk Plus.
- Select the NameID as EMAIL and Name ID format as Basic Information > Primary email.
- Click Continue.
- On the Attribute mapping page, add additional attributes to create a complete user profile in ServiceDesk Plus.
- Click Add Mapping.
- Select Google Directory attributes using the drop-down and provide the name of App attributes.
- It is mandatory to configure the login name of the user. This detail will be used by the service provider if dynamic user addition is enabled.
The NameID value configured in Google Workspace should match that of ServiceDesk Plus.
Go to SAML configuration page in ServiceDesk Plus,
- Under Configure Identity provider details, select Name ID Format as Email Address.
- Under Default Fields, map the attribute names as configured in IdP.
- Click Save.
Go to Google Workspace,
- Under the User access section, set the Service status as ON for everyone.
You have now configured ServiceDesk Plus as a service provider in Google Workspace.