UserLock Documentation
UserLock Documentation

Configure G Suite for UserLock Single-Sign On

Procedure

Enable G Suite in UserLock SSO

In the UserLock console, Navigate to Single Sign-On → Configuration.

  1. Select Add configuration, then select Google as the provider to be configured.
  2. Custom App Domain: enter the domain of your G Suite instance (for example: https://google.com/a/contoso.com/acs)
  3. Email domain: enter the domain of the email you want to be used to enable users to log into.

NOTE: The SSO service needs to be restarted in order to use this profile

Configure G Suite for Single Sign-On

  1. Connect to https://admin.google.com/ac/home and connect to your domain administration console.
  2. Select the security icon:

  3. Navigate to System Definition → Set up single sign-on (SSO) with a third party Identity Provider and ensure the following values are selected:

    • Tick the checkbox Set up single sign-on (SSO) with a third party Identity Provider
    • Sign-In Page URL, set the value to: https://sso.<yourdomain>.com/saml/sso
    • Sign-Out page URL, set the value to: https://sso.<yourdomain>.com/connect/endsession
    • For the Verification certificate navigate to the %ProgramFiles(x86)%\ISDecisions\UserLock\SSO folder and locate and upload the ULSSO.cer certificate.

How to cancel SSO

Single Sign-On can be disabled in emergency situations providing that Super administrators must enter their full Google administrator account email address and associated Google password.