This section describes the settings for using Unifinity with Google Workspace as an IdP (Identity Provider).
Procedure
1. Adding a custom SAML app
From the Google Workspace administration page, go to "Apps" -> "Web and Mobile Apps", select "Add App" and click "Add Custom SAML App".
Specify Unifinity as the app name on the [① App Details] screen.
On the [② Google ID Provider Details] screen, use "Option 1:": download the metadata XML using the "Download IdP metadata" button, open it in Notepad, select all of it, copy it to the clipboard, and paste it into MetaData on the UniBaaS single sign-on configuration screen.
For "Option 2:", take the "SSO URL" from the "Copy SSO URL, Entity ID, and Certificate" section and set it as the IdP Login URL on the UniBaaS single sign-on configuration screen.
On the [③ Service Provider Details] screen, set ACS URL and Entity ID to the "ACS URL" and "Entity ID" values shown on the UniBaaS single sign-on configuration screen.
Specify "EMAIL" for "Name ID Format" and "Basic Information > Primary email" for Name ID.
To map the department name of a user property on Google Workspace to a group in UniBaaS, specify "Department" for the Google Directory attribute and "Group" for the app attribute on the [④ Mapping Attributes] screen.
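As a check before pasting the downloaded IdP metadata into MetaData, the following added example (not part of the Unifinity or Google documentation) parses the XML, lists the entity ID, SSO URL and SHA-256 fingerprint of the signing certificate, and compares the SSO URL with the IdP Login URL entered in UniBaaS. The sample metadata, its URLs and certificate bytes, and the function names are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed sample in the shape of SAML IdP metadata. The entityID, SSO URL
# and "certificate" bytes are placeholders, not values from a real tenant.
FAKE_CERT = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.com/saml?idpid=PLACEHOLDER">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{FAKE_CERT}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.com/sso?idpid=PLACEHOLDER"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def summarize_idp_metadata(xml_text):
    """Extract the fields an admin should review before pasting the metadata."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("metadata must not contain a DTD or entity declarations")
    root = ET.fromstring(xml_text)
    idp = root.find(f"{MD}IDPSSODescriptor")
    if root.tag != f"{MD}EntityDescriptor" or idp is None:
        raise ValueError("not SAML IdP metadata")
    certs = []
    for kd in idp.findall(f"{MD}KeyDescriptor"):
        if kd.get("use", "signing") != "signing":  # no "use" means signing too
            continue
        for c in kd.iter(f"{DS}X509Certificate"):
            der = base64.b64decode("".join((c.text or "").split()))
            certs.append(hashlib.sha256(der).hexdigest())
    sso = [s.get("Location", "") for s in idp.findall(f"{MD}SingleSignOnService")]
    return {"entity_id": root.get("entityID"), "sso_urls": sso, "signing_cert_sha256": certs}


def check_sp_settings(summary, idp_login_url):
    """Return a list of problems; an empty list means the values line up."""
    problems = []
    if not summary["signing_cert_sha256"]:
        problems.append("no signing certificate in metadata")
    if any(not u.startswith("https://") for u in summary["sso_urls"]):
        problems.append("SSO URL is not https")
    if idp_login_url not in summary["sso_urls"]:
        problems.append("IdP Login URL does not match the metadata SSO URL")
    return problems
```

The fingerprint can be compared with the certificate shown on the same Google ID Provider Details screen to confirm the copied metadata was not altered on its way through the clipboard.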
Behavior of IdP-Initiated SSO
Once the Unifinity app is made available on Google Workspace, IdP-Initiated SSO is enabled.
In the Google Workspace administration page, go to "Apps" -> "Web and Mobile Apps", select the "Unifinity" app you created, and click "User Access".
Set "Service Status" to "ON" and save.
View the Google web page in your browser and click on the app launcher (the 9-dot button in the upper right corner of the screen) to display the Unifinity app.
Clicking on the link in your Windows browser will bring up the UniBaaS corporate administration page. (In this case, an Azure Active Directory authenticated account must be assigned to a group with administrative privileges on UniBaaS.)
Clicking the link in your iOS or Android browser will launch the Unifinity Application Player in an authenticated state.