SETTING UP SINGLE SIGN-ON WITH GSUITE
If you use GSuite within your organisation, setting up single sign-on will allow all of your users to access Clearooms without needing to invite them and for them to remember additional passwords.
This short guide will walk you through how to configure GSuite and Clearooms should you wish to take advantage of this feature.
Step 1 - Get your Clearooms SSO Settings
To set up single sign-on, you will need to let Google know your unique Clearooms Entity ID, ACS URL, and Start URL. To get this, head to Settings > Single Sign-On and toggle the Enable SAML Based Single Sign-On switch. This won't turn it on immediately for users at this stage but it will show you the required information you will need.
Keep this tab open in your browser or copy the Metadata URL, Login URL and Reply URL and keep them handy, before heading to your GSuite admin console (https://admin.google.com)
Step 2 - Create the SAML Application in GSuite
Once logged into the admin portal select Apps.
Next, click SAML apps.
This next page shows a list of all of your configured SAML Apps. Click the plus icon to add a new SAML app.
Once the popup opens showing a list of pre-configured applications, look at the bottom for the Setup my own custom app button.
You don't need the information displayed just yet as we can get it all further in the process, so just click Next.
Give your SAML App a name, description and logo that your users will see.
The Clearooms icon is available here if you want to use our logo.
Now from the information you gathered in Step 1, enter it into the following fields:
|GSuite Field||Clearooms Field|
|ACS Url||Reply URL|
|Entity ID||Metadata URL|
|Start URL||Login Url|
Click Next to progress to the Attribute Mapping step.
Clearooms requires a user's email address, first name and surname so we need to map them across from the data held in GSuite. Click Add New Mapping and enter the following:
|Mapping Name||Field Group||Field|
|emailaddress||Basic Information||Primary Email|
|givenname||Basic Information||First Name|
|surname||Basic Information||Last Name|
Click Finish and that will be the SAML App set up. The next task is to allow your users access to the app you have created.
Step 3 - Give your users access
From the SAML App screen, you might notice that this app is OFF for everyone. Click on that box to choose which Organisation units you have set up in your directory to allow access, or allow all users access
Step 4 - Enter the GSuite details in Clearooms
Now that the app is ready we can add the information into Clearooms. Click the Download metadata link in the GSuite SAML app to show the GSuite details required.
We need to copy and paste the SSO Url, Entity ID and Certificate into Clearooms.
- Copy the SSO Url field from GSuite into the SAML 2.0 Endpoint field in Clearooms
- Copy the Entity ID field from GSuite into the Identity Provider Issuer field in Clearooms
- Copy the Certificate field from GSuite into the Public Certificate field in Clearooms
Click Save and we are all done.
Step 5 - Check your settings
It is recommended that you open a different browser, a new private browsing window or test using a different workstation to check the implementation as if you have misconfigured the system you may not be able to log back in.
Once on a different session, head to Google and you should see Clearooms in your Google Apps list. Clicking this will automatically log you in (creating you an account if you have don't have one). Once users have accounts within Clearooms, if they try to log in directly in the portal they will be redirected to GSuite to sign in.
Get Extra Support
If you having any trouble connecting your GSuite account, please get in touch with us and we can assist in the process.