This guide is intended for IT administrators requiring assistance with the single sign-on configuration using Google Suite. Thanks to a recent update, we now provide in-platform support for setting up and managing your single sign-on configuration for G-Suite.
You can refer to the in-platform instructions for setting up single sign-on using SAML in Plexus. This guide will specifically focus on the steps to follow whilst you are logged into Google Admin.
Logging into Google Admin
Log into Google Admin and select the Apps dropdown. Click into Web and mobile apps.
Adding Plexus to your list of apps
Click Add app at the top of the screen.
Click Add custom SAML app from the dropdown.
Name the app (e.g. Plexus-Production). You may use this image if you would like to personalise the app icon.
Click Continue once you're done.
Configure Plexus and Google Admin
On the next page, Google Identity Provider details, under the heading Option 1: Download IdP metadata, click Download Metadata.
Upload this file in the Upload Certificate section in Plexus, as highlighted in this guide.
Then click Continue in Google Admin.
On the following page, Service Provider Details, copy the respective fields from Plexus and paste them into their equivalent fields in Google Admin, as highlighted in the guide to set up single sign-on with SAML:
Field from Plexus | Field in Google Admin |
Single sign-on URL | ACS URL |
Audience URI (SP Entity ID) | Entity ID |
If you would like to arrange an optional signature or verification certificate for single sign-on, tick the box for Signed response in Google Admin. Then from Plexus, click Download signature certificate and upload that file into the respective Google Admin field.
For the field "Name ID Format", select the dropdown option for "UNSPECIFIED". Then click Continue.
Mapping the attributes
On the Attribute mapping page, you'll then need to map the Google Directory attributes to the app attributes available in Plexus. These are:
Primary email → email
First name → first_name
Last name → last_name
First name → name
Click Finish to finalise your entries.
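To confirm that the Service Provider Details and the attribute mapping took effect, you can capture the SAML response from a test sign-in, base64-decode it, and check it against the values you entered. The script below is an added example, not Plexus or Google code; the function name, URLs and sample response are constructed placeholders, and it checks configuration only, not signature validity.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REQUIRED = {"email", "first_name", "last_name", "name"}  # app attributes mapped in this guide

def check_response(xml_text, acs_url, entity_id, expect_signed_response=False):
    """List configuration problems in a decoded SAML response (no signature validation)."""
    root = ET.fromstring(xml_text)
    problems = []
    recipients = {e.get("Recipient") for e in root.iterfind(".//a:SubjectConfirmationData", NS)}
    if root.get("Destination") != acs_url or recipients != {acs_url}:
        problems.append("Destination/Recipient does not match the ACS URL")
    if entity_id not in {e.text for e in root.iterfind(".//a:Audience", NS)}:
        problems.append("Audience does not match the Entity ID")
    values = {a.get("Name"): [v.text for v in a.iterfind("a:AttributeValue", NS)]
              for a in root.iterfind(".//a:Attribute", NS)}
    for name in sorted(REQUIRED):
        if not any(values.get(name, [])):
            problems.append(f"attribute missing or empty: {name}")
    # Presence only: a ds:Signature directly under Response means the whole response is signed.
    if expect_signed_response and root.find("ds:Signature", NS) is None:
        problems.append("response element is not signed")
    return problems

# Constructed sample; URLs and user are placeholders, not real Plexus or Google values.
ACS = "https://sp.example.test/sso/acs"
ENTITY = "https://sp.example.test/sso/metadata"
SAMPLE = f"""<p:Response xmlns:p="{NS['p']}" xmlns:a="{NS['a']}" Destination="{ACS}">
 <a:Assertion>
  <a:Subject><a:SubjectConfirmation><a:SubjectConfirmationData Recipient="{ACS}"/>
  </a:SubjectConfirmation></a:Subject>
  <a:Conditions><a:AudienceRestriction><a:Audience>{ENTITY}</a:Audience>
  </a:AudienceRestriction></a:Conditions>
  <a:AttributeStatement>
   <a:Attribute Name="email"><a:AttributeValue>ada@example.test</a:AttributeValue></a:Attribute>
   <a:Attribute Name="first_name"><a:AttributeValue>Ada</a:AttributeValue></a:Attribute>
   <a:Attribute Name="last_name"><a:AttributeValue>Lovelace</a:AttributeValue></a:Attribute>
   <a:Attribute Name="name"><a:AttributeValue>Ada</a:AttributeValue></a:Attribute>
  </a:AttributeStatement>
 </a:Assertion>
</p:Response>"""

if __name__ == "__main__":
    print(check_response(SAMPLE, ACS, ENTITY) or "no problems found")
```

Pass `expect_signed_response=True` only if you ticked Signed response in Google Admin. Attribute names are compared case-sensitively, so a mapping typed as `Name` instead of `name` is reported as missing.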
Setting up user access
Click back into the Apps dropdown. Click into your app from Web and mobile apps. Under the menu for User access, click View details.
Ensure that user access is turned ON for everyone once you're ready to finalise and turn on the single sign-on integration.
Save your changes.
Enforcing a user's location and permissions
Plexus currently offers user authentication, providing users access to Plexus using their single sign-on credentials. The ability to enforce a user's unit (their location) and role (their permissions) is managed in Plexus and is not facilitated by single sign-on.
Once single sign-on is configured, users can sign straight into the platform and will be given access to the default unit with the default role. This will allow your users to access the platform and use the apps straight away.
The designated platform admins will receive an email notification to assign the new users to their correct units and provision the correct roles. Any documents uploaded during this time will move with the user to their correct unit.
Need further assistance? Reach out to [email protected] for further guidance.