Configure Google SAML with Bridge

Document created by Ike Bennion Employee on May 3, 2016Last modified by Jarod Newman on Apr 25, 2019
Version 23Show Document
  • View in full screen mode

Overview

This document walks you through setting up SAML with Google and Bridge. Click on images to zoom.

 

 

Google SAML Setup

 

 

Setup a Google SAML app

1. Sign in to the Google Admin console.

2. Click Apps > SAML apps

Screenshot 2016-03-10 17.47.24.png

 

 

 

 

 

 

 

3. Select the Add a service/App to your domain link or click the plus ( + ) icon in the bottom corner.

Screenshot 2016-03-10 17.47.44.png

 

 

 

 

 

 

 

4. Click Setup My Own Custom SAML App.

Screenshot 2016-03-10 17.47.54.png

 

 

 

 

 

 

 

 

 

 

5. The Google IDP Information window opens and the Single Sign-On URL and the Entity ID URL fields automatically populate.

6. Download the IDP Metadata and email it to your implementation consultant or follow the remaining steps to complete the setup yourself. Come back to the admin console and click Next.

Screenshot 2016-03-10 17.40.52.png

 

 

 

 

 

 

 

 

 

 

 

7. In the Basic Application Information window, add an application name and description, you can download a pre-formatted Bridge logo below and upload it in the Upload Logo option. 

8. Open Bridge, in another tab or window, and navigate to Admin > Account Management > Auth

9. Select Enable on SAML 2.0

 

10. Select the drop down option 'Identity Provider Metadata URL' and select Manual Configuration

 

11. Copy and paste Identity Provider EntitySingle Sign On URLX509 Certificate and Name ID Format URN from the Google metadata downloaded in step 6. Select Save located at the bottom.

*If you are unfamiliar with these fields, your Implementation Consultant will be able to assist*

 

12. After you select save the last three fields populate. Copy the ACS URL and Audience URI.

 

13. Navigate back to Google SAML. In the Service Provider Details window, add an:

  • ACS URL (Generated in the previous step),

  • An Entity ID (Paste Audience URI from the previous step)

  • Start URL must be left blank.

 

 

14. Select Next.

15. Select Finish.

Turn on SSO to your new SAML app

 

  1. Sign in to your Admin console.

  2. Go to Apps > SAML apps.

  3. Select your new SAML app. At the top of the gray box, click the button with the three vertical dots and choose:

    • On for everyone to turn on the service for all users (click again to confirm).

    • Off to turn off the service for all users (click again to confirm).

    • On for some organizations to change the setting only for some users.

 

Testing Your Google SAML App

 

  1. Open an Incognito or Private Browsing window in your preferred browser.
  2. Navigate to your Bridge instance by navigating to https://{client_domain}.bridgeapp.com.
  3. Login to your Google service. You should see your Admin Dashboard or My Learning Dashboard.
  4. If you are successful in logging in, click the profile in the top right corner, in the tray that opens, click "Log Out"
  5. If you are directed to the logout page, the logout link was successful and your test was successful.

 

Troubleshooting

 

 

What You're SeeingWhat's Probably HappeningHow We Fix It
When you log out, there is no action, or a white screen appears.

There is not an inputted Log Out URL,

or

the Log Out URL is incorrect.

Ask your IC to double check the Log Out URL in your account settings. It should be:  https://{{client}}.bridgeapp.com/logout'
After I log in, a blue screen pops up that says "Oh Snap, It looks like you've tried to access Bridge without telling us which account you belong to."

You have inputted the wrong ACS URL,

or

you may have inputted the wrong Start URL.

Ask your IC to confirm your domain. Double check the ACS URL and Start URL to ensure that they match the settings of the Bridge SAML Google App.
After I select the Bridge application from the Google App switcher, I get an error "session_not_found".Start URL needs to blank.Access the Bridge service provider details in the Google admin panel and remove the Start URL. See step 13 above.

 

 

 

Additional Reading

 


Attachments

    Outcomes