CollaborNation can integrate with a variety of different systems. In this article, you will learn how to configure your Google Workspace to have a Single Sign-On (SSO) set up to CollaborNation.
1. Create a custom attribute in Google Workspace for user profiles
With CollaborNation, each organization has their own unique login URL to direct learners specifically to their site. Learners can be part of multiple organizations, which they can switch between with a dropdown in their user profile. For more details on how this appears, please see the switching sites article.
For the SSO to be configured correctly to direct your learners to the correct site, you will need to add a custom attribute in Google Workspace.
1. Go to Menu Directory > Users.
2. At the top of Users list, click More options Manage custom attributes.
3. At the top right, click Add Custom Attribute.
4. Create a custom field:
- Category: Enter a name for the category to add. We recommend CollaborNation.
- Description: (Optional) Enter a description of your category.
- Under Custom fields, create a custom attribute:
- Name: Enter the label you want to display on the user’s account page. We recommend Ident.
- Info type: Select Text
- Visibility: Select whichever is most appropriate for your installation.
- Visible to user and admin: Super administrators can see the custom attribute in the Admin console.
- Visible to organization: All users in the organization can see the custom attribute in each others' profiles.
- Number of values: Select Single value.
- Click Add. The category appears in the Manage user attributes page.
2. Set up a custom SAML application in Gmail
Next you will need to create a custom SAML application in Gmail. For convenience, here is Google's primary article on creating a custom SAML application. http://support.google.com/a/answer/6087519?hl=en
1. Log in to your Google Admin console: https://admin.google.com
2. Go to Menu Apps > Web and mobile apps.
3. Click Add AppAdd custom SAML app.
4. On the App Details page:
- App Name: Enter the name of the custom app. We suggest calling it CollaborNation, but it can be anything you want.
- Description: (Optional) You can enter any description that you like. We suggest entering "An SSO connection with CollaborNation, the learning content management system (LCMS)."
- App icon: (Optional) The app icon appears on the Web and mobile apps list, on the app settings page, and in the app launcher. If you don't upload an icon, an icon is created using the first two letters of the app name. Icons are attached at the bottom of this article if you wish to upload icons.
5. Click Continue.
6. On the Google Identity Provider details page, get the setup information needed by the service provider using one of these options:
- Download the IDP metadata.
- Copy the SSO URL and Entity ID and download the Certificate (or SHA-256 fingerprint, if needed).
7. Once you have this information, please send us the IDP metadata, SSO URL, Entity ID, Certificate, and SHA-256 fingerprint. We will then configure the integration on our side.
8. Click Continue.
9. In the Service Provider Details window, enter in the following information for your custom app:
- ACS URL: We will be able to provide this URL once you send us the IDP metadata from the previous step.
- The URL will almost always be: https://collabornation.net/saml_login_providers/acs/IDENT
- The IDENT is the ID used to log in to your site. This can be found on Site Building for the login URL. For example, https://collabornation.net/login/IDENT
- Entity ID: collabornation
- Start URL: [blank]
- Name ID format: EMAIL
- Name ID: Basic Information > Primary email
10. Click Continue.
11. Next you will need to add the custom attribute mapping. Click Add Mapping.
Google Directory attributes | App attributes |
---|---|
First name | First Name |
Last name | Last Name |
Primary email | Email |
Ident | Ident |
12. Click Finish.
3. Enter the Ident for User Accounts
With the custom attribute created and the app set up, you now will need to add the appropriate ident for each user account in Google Workspace.
1. Go to Menu Directory > Users.
2. For each account, click on their name to edit their profile.
3. Click on the User information box.
4. Under the CollaborNation custom attribute, enter your IDENT under Ident.
5. Click Save.
4. Turn on your SAML app
1. In your Google Admin console (at admin.google.com)...
2. Go to Menu Apps > Web and mobile apps.
3. Select your SAML app.
4. Click User access.
5. To turn on or off a service for everyone in your organization, click On for everyone or Off for everyone, and then click Save.
6. Ensure that the email addresses your users use to sign in to the SAML app match the email addresses they use to sign in to your Google domain. Changes can take up to 24 hours but typically happen more quickly.
5. Verify that SSO is working with your custom app
1. In your Google Admin console (at admin.google.com)...
2. Go to Menu Apps > Web and mobile apps.
3. Select your custom SAML app.
4. At the top left, click Test SAML login.
Your app should open in a separate tab. If it doesn’t, use the information in the resulting SAML error messages to update your IdP and SP settings as needed, then retest SAML login.
Once live, you users can click on the Google apps icon in the upper right, then select CollaborNation to launch the SSO.