Skip to content

How to set up G Suite federation

Let’s start with G Suite & AWS federation:

1. Log in to your Google Admin Console and click on the user button as shown in figure:

2. Create a new category of custom attributes

a. Click Manage Custom Attributes

In the G Suite directory, once in Users screen, select More from the top menu. Then select “Manage Custom Attributes”.

b. Choose “Add Custom Attribute”

In the top-right corner of the page click on “Add Custom Attribute”.

c. Fill the Form

Fill the form like in the figure below:

3. Create a SAML-Based application

In order to set up a SAML-Based Single Sign-On, we first need to create a custom application representing AWS.

a. Return to main page and browse to the "Apps" section

b. Add a new SAML application

Select Amazon Web Services template

Click on the “Add apps” selector in the menu bar, then "Search app" like in figure:

Then Search for "Amazon Web Services", wait for search to complete then select the one in figure, being careful to check that is a "Web SAML":

Save the IDP Metadata file

The IDP Metadata is a .xml file containing configuration parameters and the X509 certificate. It enables the trust relationship between Identity and Service Provider. Save it; we will use it in a later step.

⚠ The metadata file must be kept secret and securely stored : the security of the solution relies on its secrecy.

Choose the Service Provider’s details id

Under Service Provider Details, select EMAIL choosing from the Name ID Format drop-down like in figure, leave the rest as it is.

Add the attribute Mapping

The attributes previously created are associated and mapped to the SAML assertion. The first 2 are predefined by Google, set the following mapping with the help of the figure:

Add another mapping and set it like this:

This is the final setup:

4. Enable the SAML App

a. Turn ON the App

Go back to the **SAML app menu list (from the Admin Panel, select “Apps”) and select the Amazon Web Services line:

Go to the user panel like in the figure and click on the down chevron icon:

Once in the panel click on "ON for everyone" and press save.

Now you’ve added the Amazon Web Service application to your App Google menu.

Click on your App Google menu, locate the new entry, and right-click on it to copy its value. We will need this in the next tutorial.

Congratulations, the first phase of the federation is complete, follow up with the next tutorial to set up the federation on AWS side.

Back to top