Google

Overview of the SSO flow

The following figure illustrates an example SSO process flow.

A diagram illustrating a typical sign-on process leveraging the Google Chrome Enterprise Integration Kit.

  1. A user initiates the sign-on process by requesting access to a protected resource.

  2. The Google IdP Adapter determines if the incoming request is from the the Google API browser.

  3. If the user’s browser is the Google API (Managed), the adapter makes a backend call to the The Google API endpoint to generate a challenge.

  4. The adapter sends a 302 redirect to the PingFederate resume path with the challenge set in the response header.

  5. The the Google API browser processes the challenge and sets the response in the resume path request header.

  6. The adapter finds the challenge response set by the browser and makes a backend call to the The Google API endpoint to verify the response.

  7. After successful verification, the adapter has access to the device signals from the browser.

  8. The adapter uses the decoded device signals to fulfill the core contract for the authentication policy for subsequent decision making.