OpenAM can serve as the identity provider when you use Google Apps as a service provider, allowing users to have single sign-on with their Google Apps account.
To use this service, you must have a Google Apps account for at least one of your domains, such as example.com.
Procedure 12.10. To Integrate With Google Apps
- If you have not yet done so, set up OpenAM as described in Procedure 12.1, “To Create a Hosted Identity Provider”, using a signing certificate that is needed by Google Apps. See the procedure To Change the Signing Key for Federation for details regarding the signing certificate.
- On the OpenAM console Common Tasks page, click Configure Google Apps.
- On the first Configure Google Apps for Single Sign-On page, add your domain name(s) such as example.com to the list, and then click Create.
- On the second Configure Google Apps for Single Sign-On page, save the OpenAM verification certificate to a text file, such as OpenAM.pem.
- Follow the instructions under To Enable Access to the Google Apps API before clicking Finish.
- Access the Google Apps administration page for the first of your domains in a new browser tab or window.
- Log in as Google Apps administrator.
- Select Enable Single Sign-On.
- Copy the URLs from the OpenAM page into the Google Apps setup screen.
- Upload the certificate file you saved, such as OpenAM.pem, as the Google Apps Verification Certificate.
- Select Use a domain specific issuer.
- Save changes in Google Apps setup.
- Repeat the steps above for each domain you have configured.
- Click Finish to complete the process.
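A pre-upload check for the certificate file saved in the procedure above, as an added example that is not part of the OpenAM documentation: it rejects a file that contains a private key or was truncated when saved, and returns the SHA-256 fingerprint to compare with the signing certificate in your OpenAM keystore. The function and sample names are hypothetical, and the sample input is a constructed DER placeholder, not a real certificate.

```python
import base64
import hashlib
import re

# Matches any PEM block and captures its label and base64 body.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)


def check_verification_cert(pem_text):
    """Return the SHA-256 fingerprint of the single certificate in pem_text.

    Raises ValueError when the file should not be uploaded as it stands.
    """
    blocks = PEM_BLOCK.findall(pem_text)
    labels = [label for label, _ in blocks]
    if any("PRIVATE KEY" in label for label in labels):
        raise ValueError("file contains a private key; upload only the certificate")
    if labels != ["CERTIFICATE"]:
        raise ValueError(f"expected exactly one CERTIFICATE block, found {labels}")
    try:
        der = base64.b64decode("".join(blocks[0][1].split()), validate=True)
    except ValueError as exc:
        raise ValueError(f"certificate body is not valid base64: {exc}") from None
    # A certificate is one DER SEQUENCE (tag 0x30) whose declared length must
    # account for every remaining byte; a partial save fails this check.
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("decoded data does not start with a DER SEQUENCE")
    if der[1] < 0x80:                      # short-form length
        header, length = 2, der[1]
    else:                                  # long-form length in the next n bytes
        n = der[1] & 0x7F
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + length != len(der):
        raise ValueError("DER length mismatch: file is truncated or has extra data")
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def sample_pem(der, label="CERTIFICATE"):
    """Wrap DER bytes in PEM armour (helper for the constructed sample)."""
    body = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


# Constructed placeholder: a minimal well-formed DER SEQUENCE, not a real certificate.
SAMPLE_DER = bytes.fromhex("3003020105")

if __name__ == "__main__":
    print(check_verification_cert(sample_pem(SAMPLE_DER)))
```

To check the real file, pass the text of OpenAM.pem to check_verification_cert before uploading it.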

