Skip to main content

Integrate with Google (SAML)

Stopino
  • Updated

Users with the Manage Users and Permissions user permission can set up single sign-on with Google. The SAML This is the recommended SSO option for Microsoft users.
This integration creates user accounts as users log in for the first time and gives them the option to log in with Google.
This is a three-step process:

  1. In Google, add a new SAML application.
  2. In Facilities Drawing, set up the integration.
  3. In  Facilities Drawings, set default roles for users who log in via Google.
Important: Because of the technical knowledge required, your district's IT administrator will most likely need to perform this procedure.

Step 1: In Google, add a new SAML application.

A few things to take note of while setting up the SAML application: 

  • Fields are case sensitive.
  • You will need the Entity ID ( which matches the ACS URL), Google Issuer URL, and certificate information to enter into .

    Note: Enter https://XXXXX.mldrawings.com/MLSAMLConnect.aspx in the Entity ID and ACS URL fields. Replace “XXXXX” with your custom subdomain.

  • From the Name ID format field, select PERSISTENT.
  • From the Name ID, select Basic Information > Primary email.
  • In Attribute mapping, Google Directory attributes section, you need to match the text exactly as follows: 
    • Basic Information
      • Primary email -> Email
    • Employee Details
      • Employee ID -> ExternalId
    • Basic Information
      • First name -> FirstName
    • Basic information
      • Last name -> LastName
  • In Attribute mapping, under Group membership, it is required to put Group in the App attribute field and enter names of the Google groups that can log in via SAML.
Note: Google’s interface and field names may have changed since this was written. Use these steps as a general guide, and select the closest matching options in your Google portal.

 

Step 2: In Facilities Drawings, set up the integration.

Note: A user with the Google super administrator role is required to perform this task.
  1. In Drawings, select Admin > Single Sign On > SAML Configuration. The SAML Integration Admin page appears.
  2. Next to Google, click . A pop-up appears.
    SMAL Google integration pop-up.

  3. Do the following:

    • Under Issuer, enter your Google issuer URL. 
    Note: You can copy the issuer URL from Google Admin Console. In Service Provider Details, click Manage Certificates, copy the Entity ID field and paste it here.

    • To let users sign in with Google option on the login page, enter the Login Link.

      Note: To obtain this, click the Google apps icon (). Right-click the SAML app for Drawings, click Copy Link Address, and then paste the link. 

    • Under Certificate, enter the certificate.

      Notes:

      • You download this from Google.
      • On the certificate, remove ---Begin Certificate--- and ---End Certificate---.
  4. Click Save

Step 3: In Drawings, set default roles for users who log in via Google.

Note: You can create as many SAML groups as you want. When a user first logs in, they are assigned the role based on the group they belong to. You can also manage additional roles in Drawing, but cannot remove these default roles.
  1. Select Admin > Single Sign On > SAML Group Settings. The Manage SAML Groups page appears.
  2. Click +Add SAML Group. A pop-up appears.
     

  3. Do any of the following:

    • Enter a Group Name.

    • Select the desired Roles.

    • Select the desired Systems

    Note: To select All Systems, select the checkbox.

    • Select the desired Asset Types.

    Note: To select All Asset Types, select the checkbox.
  4. Click Save.
  5. Repeat steps 2-4 for each group you want to add.

 

Related articles

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk