Initial Setup
Target
This applies to customers configuring HENNGE Access Control and Google Workspace Single Sign-On (SSO).
Purpose
Configure Single Sign-On (SSO) for HENNGE Access Control and Google Workspace to enable login to Google Workspace from HENNGE Access Control.
Notes
1. Upon completing the steps in this article, the Google Workspace login screen will be changed to HENNGE Access Control.
2. HENNGE Access Control administrator account information (username and password) is required.
3. Google Workspace tenant privileged administrator account information (username and password) is required.
4. Google Workspace accounts with privileged administrator rights are not eligible for Single Sign-On (SSO).
https://support.google.com/a/answer/6341409?hl=en
5. Before performing this operation, ensure that users with the same email address exist in both Google Workspace and HENNGE Access Control.
In case of mismatched email addresses or if the user does not exist in either system, the user will be unable to log in to Google Workspace.
6. Depending on your contract, there may be some differences between the content of the screenshots and the actual product screens.
7. The content of this article is based on the product as of March 2019 and may be subject to change without notice.
Detailed Steps and Explanation
1. Download the Server Certificate
1.1. Access [Service Provider Settings] in the HENNGE Access Control admin panel left menu.
1.2. Select [Display] for the [Gmail] row.
1.3. Select [Download] to download the certificate file (.crt) to your device.
2. Enable Service Provider Settings in Access Policy Group
In the service provider settings of the access policy group to which users using Google Workspace belong, check the [Gmail] item and select [Submit].
※ If you proceed without checking here, a 404 error will occur during Single Sign-On.
3. Confirm Input Content on Single Sign-On (SSO) Configuration Screen
The input content for configuring Single Sign-On (SSO) between Google Workspace and HENNGE Access Control is documented in the material provided in advance by the HENNGE One implementation staff/support contact, called HENNGE One Connection Settings Sheet.xlsx.
4. Register API Client
If you have not yet performed the following steps, do so here:
Setting API Authorization for User Provisioning (Google Workspace)
5. Configure Single Sign-On (SSO)
5.1. Access the Google Workspace admin console and click [Security].
5.2. Click [Configure Single Sign-On (SSO) using third-party ID providers] in the [Security] menu.
5.3. Click [Third-party SSO profiles for the organization] in the [Configure Single Sign-On (SSO) using third-party ID providers] menu.
5.4. Check [Set up SSO with third-party ID providers].
5.5. Enter the [Single Sign-On (SSO) Settings] details provided by HENNGE in the documentation.
Example of configuration string (values will vary for each customer)
・URL of the login page
https://ap.ssso.hdems.com/portal/example.com/login/
・URL of the logout page
https://ap.ssso.hdems.com/portal/example.com/logout/
・URL for password change
https://ap.ssso.hdems.com/portal/example/login/
5.6. Upload the certificate downloaded in [1. Download the Server Certificate].
5.7. Check [Use domain-specific issuer].
5.8. Click [Save].
5.9. Confirm whether Single Sign-On (SSO) has been successfully completed.
Follow the instructions in the following article to confirm if Single Sign-On (SSO) has been successfully completed.
Verification of Single Sign-On (SSO) between HENNGE Access Control and Google Workspace
5.10. Contact the HENNGE One implementation staff to report the completion of Single Sign-On (SSO).
After confirming the successful completion of Single Sign-On (SSO) settings, be sure to contact the HENNGE One implementation staff.