Managing GoogleApps in CloudGateway
- Managing GoogleApps Application in CloudGateway.
- Exporting the SAML certificate from CloudGateway.
- Importing the SAML certificate, enabling GoogleApps with SSO & Provisioning
- Users tries to access GoogleApps from Receiver.
1. Managing GoogleApps_SAML Application in CloudGateway
1. Access ControlPoint GUI of CloudGateway using https://<IP Address>:4443/ControlPoint
2. Provide administrator credentials and login into the portal.
3. Click on the Apps & Docs tab.
4. Click on Web & SaaS App link present in the left pane of the page.
5. Click on the + button to view the Catalog, Search for the required application i.e GoogleApps_SAML in the Catalog. Click on Add.
6. In the Cookies Domain field, enter the registered GoogleApps domain name and in URL field provide GoogleApps SAML login URL. Example Cookie Domain: citrix.com, Example URL: https://www.google.com/a/citrix.com
7. Select the appropriate application Category and Assigned role from the dropdown if you have already configured categories and roles. If not you can also use the default pre-populated values.
8. Provide the Service account [GoogleApps admin account] details of the applications to fetch the users.
9. If you want to enable auto-provisioning functionality, then check Create account automatically checkbox and click on Next.
10. Create the User Name Rule using the User Attribute drop down. Ex: $FN$DOT$LN
11. Provide the details in the Password Requirement and Password Expiration and Click on Next. If you don’t have any password rules configured, you can make use of default values.
12. If you want the user to have a Workflow approval before he can access the application, check the Require Approval checkbox if you want to configure provisioning workflow. Then click on Next.
13. Verify the Device Security options and Network Requirements, Click on Save to manage the application.
2. Exporting the SAML certificate from CloudGateway
1. Access the ControlPoint portal of CloudGateway using https://<CloudGateway IP Address>:4443/ControlPoint
2. Click on Settings link.
3. Now in the left pane click on Certificates, Select the SAML certificate from the list of certificates and click on Export.
4. Provide a password to export the certificate and click Ok to save the certificate as .pem or .cer depending on the application requirement and upload the same.
3. Importing the SAML certificate, enabling GoogleApps with SSO & Provisioning
1. Login to Google Apps application, using an administrator account.
2. Click on Domain Settings, under User settings check the check box Enable provisioning API
3. Click on Advanced tools and click on Set up single sign-on (SSO) link.
4. Check the box “Enable Single Sign-on” and key in the Sign-in page URL as “https://<CloudGateway FQDN>/webssouser/websso.do?action=authenticateUser&app=GoogleApps_saml&reqtype=1”.
5. Provide the appropriate values in Sign-out page URL, Change password URL and upload the certificate which was downloaded from CloudGateway in the previous step.
6. Click on Save Changes.
4. Users tries to access GoogleApps from Receiver
1. Users Login to Receiver, Click on Add Apps to add GoogleApps app into Receiver pane.
2. Users Click on the Application icon to expreience SSO to GoogleApps.
1. The user who access the GoogleApps from Receiver should have a valid GoogleApps account.
2. CloudGateway time should be in sync with UTC time, as SAML token exchange is dependent on the time stamp of the token.