PingOne for Enterprise

Connect to Google

About this task

The Google identity bridge uses the OpenID Connect protocol to connect to your Google domain.

You will need to log in to your Google account and enable settings to use Google as your identity bridge, with support for user provisioning. Then you will configure PingOne to use one of your Google groups and create PingOne groups of the same names as your Google groups.

Every user who will SSO using PingOne dock needs to belong to a Google group.

Steps

In Google

  1. Enable Domain Admin API access for your Google account:

    1. Sign on to your Google Admin console.

    2. On the menu bar, select More controls.

    3. Select Security → API Reference.

    4. Ensure the Enable API Access checkbox is selected.

    5. Save any changes.

  2. Create a Google group, if you do not have one already.

    We require that you have at least one Google group. Each user signing on (SSO) through PingOne dock must be assigned to one or more Google groups.

    1. On the Admin console, select Groups.

    2. Click the Create Group link and assign a group name.

    3. On the Members tab, enter the user names to assign to the group, or select Add all users.

Note the names of the groups you create. You will use these in PingOne group management.

In PingOne

  1. Configure the PingOne connection to your Google domain.

    1. Go to Setup → Identity Repository, click Connect to an Identity Repository, and select to set up the Google identity bridge.

    2. In the entry box for Google Domain Name, enter the domain name for your Google account.

    3. Make sure you have popups enabled for your browser, the click Configure OAuth. This establishes a secure connection to your Google account using the OAuth protocol.

    4. Assign the Google-to-PingOne attribute mapping.

      This assignment maps Google OpenID Connect attributes to the default PingOne attributes (used by PingOne dock). This attribute mapping is not used by applications that you add to PingOne. You will configure those attribute mappings for each application.

      For any of the attribute mappings, you can choose to configure an advanced mapping. See Creating advanced attribute mappings for instructions.

    5. Click Finish.

      When you return to the Setup > Identity Repository page, a summary of the settings for your identity bridge is displayed. You can click the edit icon to modify the settings.

  2. Add your Google groups to PingOne.

    1. See Add groups to add your groups to PingOne.

Result

Your Google identity bridge is now set up, with provisioning support for all users in your Google groups.