Configure G Suite for your team

Prerequisites

  1. Make sure all existing users have Entry Accounts set up.

  2. Make sure you have Super Admin Permissions in your G Suite to configure SSO.

If you need help setting it up or troubleshoot, message us in the Slack channel or leave a message in our community: https://entry.community

Overview

Entry SSO lets users sign in to G Suite using biometric authentication. It prevents 90% of phishing attacks and account takeovers while delivering a seamless user experience. When Entry SSO is set up, users can access Google apps on any device with a web camera, browser, and internet connection.

As an admin, follow these best security practices when integrating Google Workspace with Entry SSO as a third-party identity provider (IdPs). It's a three-step process:

  1. Step One. Creating a separate admin account with super admin permissions.

  2. Step Two. Setting up Entry SSO as a third-party identity provider (IdPs).

  3. Step Three. Going live.

Let's look into each step one by one.

Setup

Create an Admin Account for G Suite

It's a good security practice to avoid using accounts with Super Admin privileges for day-to-day work. If you are currently using a Super Admin account, consider switching to an ordinary one.

Before you start setting up Entry as an SSO, create a separate Super Admin account in your Google Workspace Admin Console: Super Admins bypass SSOs, so you won't be able to use Entry as a Super Admin until you complete this step.

  1. Open Google Admin Console.

  2. Go to Users.

  3. Create a new user (e.g., admin@yourcompany.com). Make sure that all credentials, including those used for account recovery, are securely stored.

  4. Assign Super Admin role to the newly created user. Login to your account to activate it.

  5. Go back to Users. Click on your original user account.

  6. Revoke Super Admin permissions from the original account. If you see a dialog window below, enter your new admin account as primary admin.

Set up Entry SSO

Make sure you are setting up Entry SSO from your newly created admin account with Super Admin Permissions.

For this step you will need your X.509 certificate that you will be able to download from your Entry Dashboard.

  1. Open Google Admin Console (at admin.google.com...).

  2. Go to Security.

  3. Click Set up single sign-on (SSO) with a third party IdP.

Check the Set up SSO with third-party identity provider box.

Enter the following URLs to your third-party IdP:

Replace YOUR_REALM in the links below with a lowercase name of your workspace.

Upload provided X.509 Certificate.

Click SAVE.

Once you enable Entry SSO, all the users will be prompted to re-login to G Suite with Entry.

Going live

Congratulations!

You have configured your Google Workspace to use XIX Entry as an SSO!

Google Workspace has released an experimental (as of Aug 4th) feature that allows some of the users in your Workspace to bypass a configured SSO. The way it's done is Google allowing to waive SSO requirements for a specific group within your organization.

  1. Open Google Admin Console (at admin.google.com...).

  2. Go to Security.

  3. Click Set up single sign-on (SSO) with a third party IdP.

  4. Click Manage SSO profile assignments.

  5. If this is your first time assigning the SSO profile, click Get started. Otherwise, click Manage.

  6. Select the existing group of users you want to be exempt from signing in with SSO. You might need to create that group and assign some users to it first.

  7. For SSO profile assignment, choose None.

That's it!

Users in that group will be signed in directly with Google, the rest of the users will be using XIX Entry as the SSO.

Here is a link to the original manual describing how to do this: https://support.google.com/a/answer/10723804

Last updated