Okta

How to Configure SAML 2.0 for Google Cloud Platform


Read this before you enable SAML



Supported Features

The Okta/Google Cloud Platform SAML integration currently supports the following features:


Configuration Steps

  1. Sign in to your Google tenant using admin credentials.

  2. Click the Security icon, as shown here:

    googlecloud1.png

    Note: If the Security icon is not visible, click More Controls at the bottom of the panel and drag the Security icon into the Admin Console dashboard:

    googlecloud2.png

  3. On the Security menu, select Set up single sign-on (SSO):

    googlecloud3.png

  4. Check Enable Setup SSO with third party identity provider (Option 2), then enter the following (see the screenshot at the end of the document for reference):

    • Sign-in page URL: Copy and paste the following:

      Sign in to the Okta Admin dashboard to generate this value.

    • Sign-out page URL: Copy and paste the following:

      Sign in to the Okta Admin dashboard to generate this value.

    • Change Password URL: Copy and paste the following:

      Sign in to the Okta Admin dashboard to generate this value.

    • Check Use a domain-specific issuer.

    • (Optional) Use the Network masks field to allow only a targeted subset of users to access your organization's Okta site. This is useful for rolling out application access in controlled phases.

    • Download your Google verification certificate and then upload it in the Verification certificate section:

      Sign in to the Okta Admin dashboard to generate this value.

    • Click Save changes.

    googlecloud4.png

  5. In Okta, select the Sign On tab for the Google Cloud Platform app, then click Edit.

    • Enter https://console.cloud.google.com in the Default Relay State field.

    • Click Save changes.

    googlecloud5.png

  6. Done!



Notes

For SP-initiated SSO

Navigate to https://www.google.com/a/[DOMAIN]/ServiceLogin?continue=https://console.cloud.google.com.
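
A pre-flight check for the values entered in step 4, the Network masks rollout and the SP-initiated URL above. This is an added example, not Okta or Google code. It assumes that the three URLs all point at your Okta org host, that the Network masks field holds CIDR entries separated by semicolons, and the function names and sample values are hypothetical.

```python
import ipaddress
import re
from urllib.parse import urlsplit

RELAY_STATE = "https://console.cloud.google.com"  # Default Relay State, step 5
DOMAIN_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))+$")

# Constructed sample values (placeholders, not values generated by Okta).
SAMPLE = {
    "okta_host": "example.okta.com",
    "sign_in": "https://example.okta.com/placeholder-sign-in",
    "sign_out": "http://example.okta.com/placeholder-sign-out",  # wrong scheme on purpose
    "change_password": "https://example.okta.com/placeholder-change-password",
}
SAMPLE_MASKS = "203.0.113.0/24; 198.51.100.16/28"

def check_urls(settings):
    """Return problems found in the three URLs entered in step 4."""
    problems = []
    for name in ("sign_in", "sign_out", "change_password"):
        parts = urlsplit(settings.get(name, ""))
        if parts.scheme != "https" or not parts.hostname:
            problems.append(f"{name}: must be an absolute https URL")
        elif parts.hostname != settings["okta_host"]:
            problems.append(f"{name}: host is not {settings['okta_host']}")
    return problems

def parse_masks(field):
    """Parse the Network masks field (assumed format: CIDR entries split by ';')."""
    return [ipaddress.ip_network(p.strip(), strict=False)
            for p in field.split(";") if p.strip()]

def in_rollout(client_ip, field):
    """True if client_ip falls inside one of the configured network masks."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in parse_masks(field))

def sp_initiated_url(domain):
    """Build the SP-initiated URL from the Notes section for one domain."""
    domain = domain.strip().lower()
    if not DOMAIN_RE.match(domain):
        raise ValueError(f"not a plain DNS domain: {domain!r}")
    return f"https://www.google.com/a/{domain}/ServiceLogin?continue={RELAY_STATE}"

if __name__ == "__main__":
    print(check_urls(SAMPLE))
    print(in_rollout("203.0.113.40", SAMPLE_MASKS))
    print(sp_initiated_url("example.com"))
```

Run it against the values you are about to paste into the Google Admin console; an empty list from check_urls means all three URLs are https and on the expected host.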