In the Google Admin console navigate to the “Apps” section and then to “SAML Apps”. Click the plus button to open the “Enable SSO for SAML Application” dialog and then click “SETUP MY OWN CUSTOM APP”.
You will end up on step 2 “Google IdP Information”.
Open the One Model application in another tab or browser and go to Company Settings. Find the SAML2 Integration section and click “Edit”. Select “Manually configure SAML2”.
Copy the following values from the dialog in Google into the One Model application settings.
- Copy “SSO URL” into “IDP Url”.
- Copy “Entity ID” into “Issuer”.
Download the certificate from Google. Open the certificate in a text editor and copy the contents into the “Public Key” field in One Model.
Leave “Preferred Binding” set to “Auto” in the One Model settings. At this point the settings in One Model should look like.
Back in Google, click “NEXT” to move on to step 3. Provide a name, description, and logo for the SAML application as desired. Click “NEXT” to move on to step 4. Enter the following details, replacing your_subdomain with the appropriate value (your company ID).
- ACS URL: https://your_subdomain.onemodel.us/Saml/Acs
- Entity ID: http://your_subdomain.onemodel.us/Saml/Init
Check the “Signed Response” option, and leave the rest of the settings at their default values.
Click “NEXT” to proceed to step 5.
One Model looks for attributes in the SAML response to populate user names. It can also be configured to look for an attribute that provides an employee ID, which is used for contextual, user-role-based security. Add mappings for firstname and lastname as shown in the following screenshot.
To include the employee ID in the SAML response, configure it in the attribute mappings in Google. It will also have to be configured in the One Model application. This can be done by selecting the “Populate Employee ID with SAML Attribute” option for “Employee IDs”. Populate the “Employee ID Attribute” field with the name given to the attribute in Google.
Once the attributes have been configured in Google, click “FINISH” to complete setting up the SAML application.
In One Model the remaining options (“Default Application Roles”, “Default Data Access Roles”, and “Log In Automatically”) can be configured however you desire. When finished click “Save” to complete the setup.
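To confirm the setup after a test login, the following added example (not code from One Model or Google) checks a captured base64 SAMLResponse against the values configured above: ACS URL, both Entity IDs, the “Signed Response” option, and the firstname/lastname mappings. The IDP value and the sample response are constructed placeholders, and the signature check is structural only; it does not verify the signature cryptographically.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# ACS and SP come from step 4 above; IDP is a constructed placeholder for
# the "Entity ID" shown in Google's step 2 dialog (assumption).
ACS = "https://your_subdomain.onemodel.us/Saml/Acs"
SP = "http://your_subdomain.onemodel.us/Saml/Init"
IDP = "https://idp.example/constructed-entity-id"

def check_response(b64_response, required_attrs=("firstname", "lastname")):
    """Return a list of configuration problems found in a base64 SAMLResponse."""
    xml_bytes = base64.b64decode(b64_response)
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        return ["DTD/entity declarations are not allowed in a SAML response"]
    root = ET.fromstring(xml_bytes)
    problems = []
    if root.get("Destination") != ACS:
        problems.append("Destination does not match the ACS URL")
    # "Signed Response" places ds:Signature directly under samlp:Response.
    if root.find("ds:Signature", NS) is None:
        problems.append("Response element is not signed")
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != IDP:
        problems.append("Issuer does not match the IdP Entity ID")
    audiences = {a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text}
    if SP not in audiences:
        problems.append("Audience does not contain the SP Entity ID")
    names = {a.get("Name") for a in root.iterfind(".//saml:Attribute", NS)}
    problems += [f"missing attribute: {n}" for n in required_attrs if n not in names]
    return problems

def sample_response(signed=True, attrs=("firstname", "lastname")):
    """Build a constructed response (empty Signature element) for demonstration."""
    sig = '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>' if signed else ""
    attr_xml = "".join(f'<saml:Attribute Name="{n}"/>' for n in attrs)
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        f'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="{ACS}">'
        f'<saml:Issuer>{IDP}</saml:Issuer>{sig}'
        '<saml:Assertion><saml:Conditions><saml:AudienceRestriction>'
        f'<saml:Audience>{SP}</saml:Audience>'
        '</saml:AudienceRestriction></saml:Conditions>'
        f'<saml:AttributeStatement>{attr_xml}</saml:AttributeStatement>'
        '</saml:Assertion></samlp:Response>'
    )
    return base64.b64encode(xml.encode()).decode()
```

If the employee ID mapping is in use, pass its attribute name in `required_attrs` as well.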