Advertising sustains the DA. Ads are hidden for members. Join today

On this page

SAML SP Single Sign On (SSO) - SAML Service Provider - by Miniorange

Guide for Drupal Single Sign On (SSO) using Google Apps as Identity Provider (IDP)

Last updated on
21 February 2024

This document will help you in configuring SAML Single Sign-On (SSO) between Google Apps and your Drupal site. By following this guide, you can enable users to log in to your Drupal site using their Google Apps credentials, making it an Identity Provider.

The Drupal SAML SP 2.0 Single Sign On (SSO) module is compatible with Drupal 7, Drupal 8, Drupal 9, and Drupal 10.

Download  Know more

Prerequisite:

Setup Video:  

Drupal G-Suite Administrator Single Sign-On - Setup Video

Drupal SAML SP Metadata:

  • After installing the module on your Drupal site, in the Administration menu, navigate to Configuration -> People -> miniOrange SAML Login Configuration. (/admin/config/people/miniorange_saml/idp_setup)

    Drupal click on Configuration and select miniOrange SAML

  • Copy the SP Entity ID/Issuer and the SP ACS URL from the Service Provider Metadata tab. Keep it handy. (This is required to configure Google Apps as IDP.)

    From-Drupal-site-Copy-the-SP-Entity-ID-and-SP-ACS-URL

Configure SAML Single Sign-On Application in Google Apps:

  • Log into G-Suite Administration account.

  • Navigate to the Apps tab in the left menu and click on Web and mobile apps.

    Google-Single-Sign-On-Navigate-to-Apps-and-select-Web-and-mobile-apps

  • Click on Add app button, and select the Add custom SAML app option from the dropdown.

    Google-Single-Sign-On-click-on-Add-app-and-select-add-custom-SAML-apps

  • In the App details panel, enter the App name and Description (optional). Click on the CONTINUE button to proceed.

    Google Single Sign-On - provide required information, like app name etc

  • On the next screen, under Download IdP metadata, click on the DOWNLOAD METADATA button. Keep the downloaded file handy. (This is needed to configure Drupal as SAML SP.)

    Google-SAMl-Single-Sign-On-download-the-IdP-Metadata

  • Paste the copied SP Entity ID/Issuer and SP ACS URL (from Drupal site) into the Entity ID and ACS URL text field, respectively. Then, click on the CONTINUE button.

    Dupal Google Apps SSO - Provide the required information in corresponding fields

  • In the Attribute mapping panel, select a user field from dropdown under Google Directory attribute (First name) and the corresponding attribute key to be sent in the response (field_fname). You can add more attributes using ADD MAPPING button. Click on FINISH button to proceed.

    Google-SAML-Single-Sign-On-Map-Attributes

Allow User access to Google (G Suit) Application:

  • In the Google Admin console, navigate to Menu -> Apps -> Web and mobile apps.
  • Select the application which you have created on Google Apps. (In this case, Drupal_SAML).

  • Click on the User access.

    Google-SAMl-Single-Sign-On-User-access

  • Enable the checkbox ON for everyone and click on the SAVE button.

    Google-SAML-Single-Sign-On-click-on-for-everyone-app

Configure Drupal as SAML Service Provider:

  • Navigate to your Drupal site. Click on the Service Provider Setup tab and then click on the Upload IDP Metadata.

  • In the Upload Metadata File field, choose the metadata file that you downloaded from Google Apps. Then, click the Upload File button.

    In Drupal's Service Provider Setup tab, upload Google Apps IdP metadata

    If you need to alter your Identity Provider Name, follow these steps:

    • Under Action, select the Edit link.
    • Enter Google Apps in the Identity Provider Name text field.
    • After you have updated your Identity Provider Name, scroll down and click on the Save Configuration button.

  • After successfully saving the configurations, click on the Test link to check the connection between Drupal and Google Apps.

    In-Drupal-click-on-Test-link-to-check-the-connection-between-the-Drupal-and-Google

  • On a Test Configuration popup, if you don't have an active session in the same browser, you will be asked to sign in to Google. After successfully logging into Google Apps, you will be provided with a list of attributes that are received from the Google Apps. 

  • Scroll down and click on Done button.

    Will-show-the-attribute-list-that-are-received-from-the-Google-idp

Congratulations! You have successfully configured Google as Identity Provider and Drupal as Service Provider.

If you face any issues in test configuration you can reach out to us at drupalsupport@xecurify.com with a screenshot of the test configuration window.

How does SAML SSO login work?

  • Open a new browser/private window and navigate to the Drupal site login page.
  • For SP initiated SSO on your Drupal, click on the Login using Identity Provider (Google) link.
  • You will be redirected to the Google Apps login page, wherein the user will enter their Google Apps credentials. Once you have successfully logged in, Google Apps users will be able to access your Drupal site within a seconds.

Contact our 24*7 support team

Feel free to reach out to our Drupal experts if you need any sort of assistance in setting up SAML Single Sign-On (SSO) on your Drupal site.   

 Get In Touch With Us Join Our Slack Channel

back to top Back to top

Help improve this page

Page status: No known problems

You can: