The EmpowerID SSO framework allows you to integrate Google Apps with EmpowerID, making EmpowerID the identity provider for your organization's Google app account. In this way, users can access their corporate Google accounts directly from EmpowerID using their EmpowerID credentials, their corporate AD logins or those of another trusted (third-party) identity provider that has been integrated with EmpowerID.
You must have a Google Apps for Business or Education account with Google. For specific directions on registering EmpowerID as an application in Google, see the information provided by Google at https://console.developers.google.com. |
If you have not connected EmpowerID to your enterprise Google Apps account - Tick Create a New Account Directory or select Google from the Select existing Account Directory drop-down. If you select Create a New Account Directory, EmpowerID creates a special type of "tracking-only" account store, named after the application, that is internal to EmpowerID. A tracking-only account store account exists as a container within EmpowerID for storing user and group records apart from those located in the actual directory Google maintains for your Google Apps. If you select Google, EmpowerID uses the Google tracking-only account store that is configured out-of-the-box.
Although you have the option to create a tracking-only account store for Google Apps, the best practice is to connect EmpowerID to Google so you can inventory and synchronize the user data in your Google Apps account with EmpowerID. This lets you create new Google accounts in EmpowerID and have them appear in Google and vice-versa. For more information, see Connecting to Google Apps. |
Now that you have created the application in EmpowerID, the next step is to set up SSO with EmpowerID in Google. For specifics, see Google's instructions at https://console.developers.google.com.
After registering EmpowerID in Google, you can test the SSO connection as outlined below.
In the Register SSO Application Account form that appears, select Google (or whatever you named the SSO application when you created it) from the SSO Application drop-down, type your Google login in the SSO Application Login field, and click Submit.
In this image, the Navigation Sidebar is collapsed to conserve screen real estate. |
EmpowerID sends a one-time password to the email address associated with your account.
Type the one-time password in the Password field and click Submit.
Because you are the owner of the application, EmpowerID grants you access to it. If you were not the owner, it would route the access request to the owner for approval. |
|