Single Sign-On via Google

You can integrate Creatio with Google to manage single sign-on for all Creatio users that work in the corporate network.

Important

This example uses the https://site01.creatio.com/ Creatio URL and “appid” application id in OneLogin. Replace these values with your website URL and the id of the corresponding application in OneLogin when you perform the actual setup.

The following steps are the general procedure required to set up Single Sign-On in Creatio:

1. Perform the setup in Google. Read more >>>
2. Perform the setup in Creatio. Read more >>>

Perform the setup in Google

1. Open the https://admin.google.com/ page.

2. Log in as a Workspace administrator.

3. Go to Menu → Apps → Web and mobile apps.

4. Click Add App → Add custom SAML app (Fig. 1).

   Fig. 1 Add custom SAML app

   

5. Enter the app name → Continue.

6. Copy the SSO URL and Entity ID for later (Fig. 2).

   Fig. 2 SSO parameters

   

7. Download the certificate.

8. Click Continue. This opens a window.

9. Fill out the following parameters (Fig. 3):

   Fig. 3 Provider details

   

   Parameter	Parameter value
   ACS URL	Enter the full website path together with the /ServiceModel/AuthService.svc/SsoLogin address. For example, https://site01.creatio.com/ServiceModel/AuthService.svc/SsoLogin
   Entity ID	Enter the full website path. For example, https://site01.creatio.com
   Signed response	Indicates that your service provider requires the entire SAML authentication response to be signed. Select the checkbox for the production environment and clear it for the testing environment.
   Name ID format	Select “Email.”
   Name ID	Select “Basic information - Primary Email”.

10. Click Continue.

11. Click Add mapping to map user attributes.

12. Select “Basic information - Primary Email” in the Google Directory attributes field and enter “name” in the App attributes field (Fig. 4).

    Fig. 4 Map attributes

    

13. Click Finish.

Perform the setup in Creatio

Follow these steps to set up single sign-on in Creatio:

1. Click to open the System Designer.

2. Go to the Users and administration group → Single Sign On configuration.

3. Click → “Custom SAML”. This opens the setup page.

4. Fill out the following parameters:

   Parameter	Parameter value
   Entity ID	Enter the Entity ID you acquired from Google.
   Single Sign On URL	Enter the SSO URL you acquired from Google.
   Single Logout URL	Enter the SSO URL you acquired from Google.
   Display name	Enter the provider name to display on the Creatio login page.

5. Save the changes.

6. Turn on Just-In-Time Provisioning (optional). This mechanism automatically creates the corresponding Creatio user account with data from the identity provider, such as user group, employee name, contact information, etc. For company employees, select the Create and update company employees data when log in (Just-In-Time Provisioning) checkbox and map the fields. For external users, select the Create and update external users data when log in (Just-In-Time Provisioning) checkbox and map the fields (Fig. 5).

7. Select the Create and update users data when log in (Just-In-Time Provisioning) checkbox.

8. Map Google fields to Creatio.

Fig. 5 Set up Just-In-Time Provisioning

7. Define your provider. To do this, specify the provider in the “Default SSO provider” (“DefaultSsoProvider” code) system setting. Learn more: Manage system settings.
8. Test whether the provider is working correctly (optional). To do this, open the provider page → Test sign in (Fig. 6).

   Fig. 6 Test sign in

   

---

See also

Single Sign-On via ADFS

Just-In-Time User Provisioning