Implement GSuite Single Sign-On

This article explains how to implement Single Sign-On (SSO) from GSuite into Cezanne HR using SAML 2.0.

1. Configuring GSuite
  1. Log in to the GSuite Admin Console - https://admin.google.com
  2. Navigate to: Apps >> SAML Apps
  3. Select the '+' button in the bottom right corner:
  1. Select Setup My Own Custom App.
  1. Copy the SSO URL and Entity ID.
  2. Download the Certificate (Not the IDP Metadata).
  3. Click Next.
  1. Enter an Application Name (e.g. Cezanne).
  2. (Optional) Upload a logo.
  3. Click Next.
  1. Enter 'https://w3.cezanneondemand.com:443/cezanneondemand/-/<TenantID>/Saml/samlp' as ACS URL.
  2. Enter 'https://w3.cezanneondemand.com/CezanneOnDemand/' as Entity ID.
  3. Enter 'https://w3.cezanneondemand.com:443/cezanneondemand/-/<TenantID>' as Start URL.
  4. Leave the other settings as default and click Next.
  1. On the next screen, just click Finish.
  2. Decide who to give access to:
2. Cezanne Configuration
  • Log in to Cezanne as an HR Professional.
  • Navigate to: System Setup >> Security Settings >> Single Sign-On Configuration.
  • Check SAML2.0 and select the 'Advanced Configuration' option beside it.
  • Click Add New.
  • Enter 'GSuiteSAML' as the Display Name.
  • Change the SAML Binding to 'POST'.
  • The Entity Identifier should be set the same as the Entity ID value from Section 1: Step 5.
  • The Security Token Service Endpoint should be set the same as the SSO URL value from Section 1: Step 5.
  • Download the certificate provide by the SSO setup from section 1: Step 6. Change the extension from .pem to .cer This can now be uploaded into cezanne using the Public Key Certificate field.
  • Click Save and Close.
3. Test Single Sign-On with Cezanne
  • Navigate to the Login page for Cezanne.
  • Click the Enterprise log In button.
  • Select the GSuiteSAML icon.
  • This should redirect to the GSuite login page to enter your corporate credentials.

Note:

  • This redirect only happens once.