Google

Overview of the SSO flow

The following figure illustrates an example SSO process flow.

A diagram illustrating a typical sign-on process leveraging the Google Chrome Enterprise Integration Kit.

  1. A user initiates the sign-on process by requesting access to a protected resource.

  2. The Google Chrome Enterprise Device Trust IdP Adapter determines if the incoming request is from the Google Chrome Enterprise browser.

  3. If the user’s browser is Google Chrome Enterprise (Managed), the adapter makes a backend call to the Chrome Verified Access API endpoint to generate a challenge.

  4. The adapter sends a 302 redirect to the PingFederate resume path with the challenge set in the response header.

  5. The Google Chrome Enterprise browser processes the challenge and sets the response in the resume path request header.

  6. The adapter finds the challenge response set by the browser and makes a backend call to the Chrome Verified Access API endpoint to verify the response.

  7. After successful verification, the adapter has access to the device signals from the browser.

  8. The adapter uses the decoded device signals to fulfill the core contract for the authentication policy for subsequent decision making.