Single Sign-On Integration Setup
Craig Medland avatar
Written by Craig Medland
Updated over a week ago

In order for your students and faculty to enjoy seamless single sign-on (SSO) with their Google Workspace accounts, we'll need to configure a few things.

itopia Labs provides a secure Single Sign-On provider for Google Workspace. Students and instructors use their Google identity to log into the Labs Student Portal. When they launch their Labs session, the remote desktop is automatically logged into their Google account by using Labs' SSO provider.

In order to enable this functionality, your Google Workspace organization must be configured to redirect authentication requests to the Labs SSO provider. Google currently allows this redirection to be applied universally to all authentication requests or to be scoped to only redirect requests that come from a specific IP address range.

To support seamless SSO for Labs session, itopia Labs requires you to configure Google Workspace SSO Integration to use the Labs SSO provider as a scoped provider; that is, only authentication requests that come from itopia Labs' public IP range will be forwarded to the Labs SSO provider. All other authentication requests will be handled by Google.

IMPORTANT: Google Workspace only supports configuring a single external identity provider (IdP) for their SSO integration. If you are already using another third-party IdP platform, you will be unable to add the Labs SSO provider and your students will have to authenticate their Google accounts when they access their remote desktops.

Configure Google Workspace for the Labs SSO Provider

You'll be prompted to configure the Labs SSO provider as part of the initial Setup Wizard for your Labs District. The wizard can perform the configuration automatically on your behalf; you only need to authenticate to your Google Workspace account as a super administrator and the wizard will handle the rest.

Alternatively, you can manually configure your Google Workspace environment with the settings below. These settings and values can also be viewed in the Setup Wizard by clicking I'd rather configure it myself.

If you do not wish to perform this configuration or are unable to do so because you are already using an external IdP, click I'd rather configure it myself and then click Next without performing the manual steps listed.

Enable SSO integration with Google Workspace

  1. In the itopia Labs Setup Wizard, navigate to the Identity integration with Google Workspace screen.

  2. Click I'd rather configure it myself.

  3. Click the Download button to download a copy of the Labs SSO provider SSL certificate. You will need to upload this certificate to your Google Workspace organization in the steps below.

  4. Log into the Google Workspace Admin Console (admin.google.com) as an Organization Owner. Navigate to Security » Set up single sign-on (SSO) with a third-party IdP. You may also use this link to navigate there directly: Google Workspace - Single sign-on (SSO) with third-party identity providers (IDPs)

  5. In the section labeled SSO profile for your organization, click the Edit (pencil) icon; you may need to hover your mouse over this section for the icon to appear.

  6. Check the box labeled Set up (SSO) with a third-party identity provider

  7. Provide the following values:

Sign-in page URL:

Before March 6, 2022

https://idppy-2axlned7rq-uc.a.run.app/login

After March 6, 2022

idp.labs.itopia.app/login

Sign-out page URL:

Before March 6, 2022

https://idppy-2axlned7rq-uc.a.run.app/logout 

After March 6, 2022

idp.labs.itopia.app/logout

Verification certificate

Upload the certificate you downloaded from the itopia Labs Setup Wizard

Network masks:

fda3:e722:ac3:10:95:fdde:a06:34/32

Change password URL:

<leave blank>

5. Click Save.

For additional guidance, refer to the screenshots below or contact itopia Support.


itopia Labs Setup Wizard


Google Workspace SSO with third party IDPs

Related Articles

Did this answer your question?