Skip to content
CA Identity Service
Documentation powered by DocOps

Add Google

Last update June 5, 2017

Add Google to CA Identity Service

To add Google, follow these steps: 

  1. Click APPS in the left column.
  2. Click Add App.
  3. Select Google.

  4. Enter the name of the domain that you are adding. The domain name is part of your username: user@domain-name.com

    Note: Be sure to enter the correct domain. With the wrong domain, this procedure works, but you see errors later. For example, when you create a rule that assigns a Google account, that assignment fails

  5. Click Connect to give the app access to CA Identity Service.
  6. Click Import.
  7. When the import completes, click CONFIGURE to perform basic configuration.

Perform Advanced Configuration for Google

As a business owner of this app or an administrator, you can perform advanced configuration steps.

  1. In the left column, click APPS.
  2. On the row with your app, select the configure symbol.
  3. Perform the following steps and click Save after each step.
  4. Make any changes needed under Basics.
    You can change the app name or owner. The administrator can view all the applications and Business owner can only view applications that he or she owns. If you change the ownership, you could lose access to the app.
  5. Set the values under Account Settings.
    1. Discovery - Set the appropriate action to correlate accounts in the app with a person in CA Identity Service.
    2. Attributes - Set the attributes to assign for when an account is created.
    3. Termination - Determine what happens to an account in this app when a person is terminated.

Configure Single Sign-On for Google

You configure Single Sign-On by having simultaneous access to CA Identity Service and the administrator login to Google.

  1. In the left column, click APPS.
  2. On the row with Google, select the configure symbol.
  3. Under Single Sign-On, click Setup.
  4. Enable Single Sign-On.
  5. Log in to Google and go to the Admin console.
  6. Click Security.
  7. Click Set up single sign on (SSO).
  8. Click Setup SSO with third party identity provider.
  9. Return to CA Identity Service and the Single Sign-On page.
  10. Copy the Sign-in page URL field into the same field in Google.
  11. Copy the Sign-out page URL field into the same field in Google.
  12. Copy the Change password URL field field into the same field in Google.
  13. Click Save to save the URLs in Google. If you proceed to the certificate step without first saving, you lose the URLs.
  14. Obtain the required certificate from CA Identity Service.
    1. On the Single Sign-on Page, download the Verification Certificate and save it as a text file.
    2. In Google, apply this certificate.
  15. In Google, click to select Use a domain specific issuer.
  16. Return to the Single Sign-On page and click Finish.

Note: We strongly recommend that customers enable SSO for Google Apps so that new users are able to log in to the system. If SSO is disabled, customers need to reset the account password in the Google Apps Admin console, then communicate it to the users.

Was this helpful?

Please log in to post comments.