Disclaimer: Authentic8 makes no guarantee on third-party software integration. We assume no responsibility for errors or omissions pertaining to the third-party software or documentation available. The integration of a 3rd-party software is done solely at your own risk and discretion
Prerequisites
• An existing Google Workspace instance with at least one user or user group established
• Silo Admin Console access, along with sufficient Silo Admin privileges for the org you wish to setup SSO with
Silo Admin Console
1. Define your organization's vanity URL value (e.g., supportdemo)
Click Manage right below Users & Orgs then navigate to Edit Orgs > enter a Vanity URL value > click Save
2. Enable SAML SSO via Policies > Access & Authentication > Single Sign-On
3. Download the SP Encryption Certificate (SP_cert.crt) from the Single Sign-On policy page to your local machine
Important: Do not hit Save — leave page open
Google Workspace Admin Portal
1. Access the Google Admin Portal at admin.google.com
2. Click the APPS icon, then select SAML apps
3. Click the yellow [+] icon in the lower right corner
4. Select the blue SETUP MY OWN CUSTOM APP
5. Use Option 1 then copy and paste both SSO URL and Entity ID values to a local text application (e.g., Notepad)
6. Download a copy of the Google Certificate, then click Next.
7. Name your Application (e.g., Authentic8), then click Next.
8. Copy the SP Post Back URL from the Silo Admin Console, then paste it into the ACS URL field in the Google Admin portal
Example: https://getsilo.com/sso/saml/supportdemo/login — make sure the URL doesn't end with a forward slash / character
9. Copy the SP Identity ID value from the Silo Admin Console, then paste it to the Entity ID field in the Google Admin Console
More Info: The Start URL field can be set to a value of 2 for Installed Client, or 4 for Web Client (a8silo.com)
10. Enable the Signed Response check box
11. Set the Name ID format to email, then click Next followed by Finish
Required: Assign Users
• From the Google Workspace Admin Console
• Navigate to SAML Apps
• Select the Authentic8 SAML App you just created
• At the top right of the gray box, click Edit Service
• To turn on or off a service for everyone in your organization, click On for everyone or Off for everyone, then click Save
— OR —
• To turn On or Off a service only for users in an organizational unit:
• On the left, select the organizational unit
• Select On or Off
Silo Admin Console
Transfer the following information from the Google Workspace Admin Console over to the Silo Admin Console:
1. For IdP Issuer: enter the Entity ID from Google Workspace
2. For IdP Login URL: enter the SSO Logon URL from Google Workspace
3. IdP Signing Certificate: upload the Google Workspace signing certificate
4. Click Save
More Info: Apply the required Windows Registry values in place per our SAML SSO guideline:
https://support.authentic8.com/support/solutions/articles/16000035031-saml-sso-for-silo-access
Common Errors
PERMISSIONDENIED: FAILED TO PARSE SAML IDP TOKEN: 'NONETYPE' OBJECT HAS NO ATTRIBUTE 'ATTRIB'
• Ensure the Signing Option is set to Sign SAML response
Failed to Parse SAML Token
• Ensure that the account exists in both Silo and Google Workspace with a matching email address
• Ensure that the correct IdP Signing Certificate has been uploaded into Silo Admin Console
User Not Found
• The account may not be provisioned with a matching email address between Authentic8 and Google Workspace
Please contact Support for any additional questions