Configure G Suite for UserLock Single-Sign On
Procedure
Enable G Suite in UserLock SSO
In the UserLock console, Navigate to Single Sign-On → Configuration.
- Select Add configuration, then select Google as the provider to be configured.
- Custom App Domain: enter the domain of your G Suite instance (for example: https://google.com/a/contoso.com/acs)
- Email domain: enter the domain of the email you want to be used to enable users to log into.
NOTE: The SSO service needs to be restarted in order to use this profile
Configure G Suite for Single Sign-On
- Connect to https://admin.google.com/ac/home and connect to your domain administration console.
-
Select the security icon:
-
Navigate to System Definition → Set up single sign-on (SSO) with a third party Identity Provider and ensure the following values are selected:
- Tick the checkbox Set up single sign-on (SSO) with a third party Identity Provider
- Sign-In Page URL, set the value to: https://sso.<yourdomain>.com/saml/sso
- Sign-Out page URL, set the value to: https://sso.<yourdomain>.com/connect/endsession
- For the Verification certificate navigate to the %ProgramFiles(x86)%\ISDecisions\UserLock\SSO folder and locate and upload the ULSSO.cer certificate.
How to cancel SSO
Single Sign-On can be disabled in emergency situations providing that Super administrators must enter their full Google administrator account email address and associated Google password.