# Single Sign-on with Google G Suite

Platform9 supports single sign-on (SSO) with Google G Suite (G Suite).

To configure G Suite integration, you must have a G Suite Apps administrator account.

As a G Suite administrator, you can enable SSO through G Suite for other users in the organization. This enables the users to sign in to Platform9 Managed OpenStack, by using their G Suite credentials.

## Enable SSO Through G Suite for Platorm9

Follow the steps given below to integrate Google with Platform9 for SSO.

### Step 1 - Login to G Suite

Login to G Suite as the Apps administrator and follow the first few steps given in [Google: Set up your own custom SAML application](https://support.google.com/a/answer/6087519) to set up your SAML custom app.

### Step 2 - Create custom SAML app

From the "SAML Apps" page under the admin section, click the yellow plus sign in the bottom right-hand corner to begin adding a new SAML application, then click **Setup my own custom SAML App**.

<figure><img src="https://2491133324-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTp3vmrOuO3dQilOzN2fE%2Fuploads%2Fgit-blob-05018d8d050eba98a26f3de252a0f94805a7e1d3%2F1605285310.png?alt=media" alt=""><figcaption></figcaption></figure>

Download the IdP metadata XML file and email this to <support@platform9.com>.

<figure><img src="https://2491133324-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTp3vmrOuO3dQilOzN2fE%2Fuploads%2Fgit-blob-02e9f268610456d6f122da4a6be0b5cc2f1b7724%2F1605285325.png?alt=media" alt=""><figcaption></figcaption></figure>

Then, click **Next**.

### Step 3 - Configure basic app information

Specify the name and description of the custom app, and optionally upload a logo for the custom app.

<figure><img src="https://2491133324-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTp3vmrOuO3dQilOzN2fE%2Fuploads%2Fgit-blob-4e4ed050aa7d08f877cc5272603097534b9bbe04%2F1605285344.png?alt=media" alt=""><figcaption></figcaption></figure>

Click **Next**.

### Step 4 - Specify Platform9 (service provider) details

Specify the ACS, Entity ID, and Start URLs as follows.

* **ACS URL**: https\:///Shibboleth.sso/SAML2/POST
* **Entity ID**: https\:///keystone
* **Start URL**: https\://
* Select the **Signed Response** check box.
* Set the Name ID Format to "EMAIL".

<figure><img src="https://2491133324-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTp3vmrOuO3dQilOzN2fE%2Fuploads%2Fgit-blob-3164b9b91418311f62b78768724db574ba707ce2%2F1605285357.png?alt=media" alt=""><figcaption></figcaption></figure>

### Step 5 - Configure exported SAML attributes

Configure the Platform9-required the FirstName, LastName, and Email attribute mappings. Click **Add New Mapping** to add an attribute mapping.

<figure><img src="https://2491133324-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTp3vmrOuO3dQilOzN2fE%2Fuploads%2Fgit-blob-94ad8ee13c6f0d9409d38f58d9b06a7f417ac2a3%2F1605285369.png?alt=media" alt=""><figcaption></figcaption></figure>

Click **Finish** to complete the SAML application setup.

### Step 6 - Create SSO Group Mappings in Platform9

After receiving a confirmation email that the Platform9 Support team has received your IdP metadata & enabled SSO on your environment, login to Platform9 Clarity UI as an administrator. Now, follow the steps 2 through 5 given in the [Integrating Single Sign-On (SSO) Support with Platform9 Managed OpenStack](https://docs.platform9.com/managed-openstack/5.8/authentication-and-authorization/single-sign-on-sso) article. Once this is done, integration of G Suite with Platform9 for SSO is complete.