Skip to main content
All CollectionsCloudApps for AdministratorsGetting started
Set up single sign-on integration for Google Workspace
Set up single sign-on integration for Google Workspace
F
Written by Fegeins Louis
Updated over a week ago

Overview

Students and faculty can seamlessly sign into CloudApps Classroom by integrating with their Google Workspace accounts. Then, they can use single sign-on (SSO) to quickly log into the CloudApps Student Portal with their Google identity.

Once the integration is set up, the CAC remote desktop will automatically log in with the user's Google account.

In order to enable this functionality, your Google Workspace organization must be configured to redirect authentication requests to the CloudApps SSO provider. Google currently allows this redirection to be applied universally to all authentication requests, or to be scoped to only redirect requests that come from a specific IP address range.

To support seamless SSO for a CloudApps session, itopia CloudApps requires you to configure the CloudApps SSO provider as a scoped provider, so only authentication requests that come from itopia CloudApps' public IP range will be forwarded to the CloudApps SSO provider. All other authentication requests will be handled by Google.

❗️Heads up

Google Workspace only supports configuring a single external identity provider (IdP) for their SSO integration. If you are already using another third-party IdP platform, you will be unable to add the CloudApps SSO provider and your students will have to authenticate their Google accounts when they access their remote desktops.

Configure Google Workspace for the CloudApps SSO Provider

To configure your Google Workspace environment, follow the steps and settings below.

πŸ“ Note

These settings and values can are also displayed directly on the Single sign-on (SSO) configuration screen.

1. Log into the CloudApps Admin Console as a user with Editor or Owner rights to the District.

2. Click the District tab in the side menu --> locate the Configuration card.

District > Configuration card.png

3. In the Single Sign-On Integration section, click Configure.

4. Toggle Enable SSO integration with Google Workspace on.

Enable SSO with Google Workspace.png

5. Click Download to download a copy of the CloudApps SSO provider SSL certificate. You will need to upload this certificate to your Google Workspace organization in the steps below.

6. In a separate browser tab, log into the Google Workspace Admin Console as an Organization Owner.

8. From the SSO profile for your organization section β†’ click the Edit (pencil) icon.

βœ… Tip

You may need to hover your mouse over this section for the icon to appear.

9. Check the box labeled Set up (SSO) with a third-party identity provider. Then, provide the following values:

    • Sign-in page URL:

idp.labs.itopia.appΒ 
    • Sign-out page URL:

idp.labs.itopia.app/logout
    • Verification certificate: Upload the certificate you downloaded in Step 6.

    • Network masks:

fda3:e722:ac3:10:95:fdde:a06:34/32;34.73.72.8/32;34.73.162.139/32;34.72.27.102/32;34.136.237.224/32;34.105.58.65/32;35.247.99.83/32
    • Change password URL: <leave blank>

10. Click Save.

11. Return to the browser tab that has the CloudApps Admin Console open. Click Save.

Now, your Google Workspace SSO integration should be ready to go for teachers and students.

Did this answer your question?