One of the most popular app suites is G Suite, even for organizations that are not using Google as an Identity Provider. This leads us to one of Clearlogin's most used features: native support for syncing Google Apps passwords via a Google admin account.
When you sync your G Suite domain to your Clearlogin domain, password changes to G Suite accounts will not need to also be changed within Clearlogin, since they are re-synchronized every time a user logs in to G Suite.
To get started with syncing your G Suite domain to your Clearlogin domain, make sure that you have a G Suite administrator account ready to be used for this purpose, and then do the following:
Engineer's Note: It is not necessary to enable this feature if you are using Google as an Identity Provider, since you will already have the features that the following procedure will add for you.
- Navigate to your Clearlogin admin dashboard and select Apps from the navigation bar.
On the right-hand side of the Manage App Connections page, click on the G Suite Settings Button
- You will be brought to the G Suite Settings page.
If this is your first time accessing the G Suite Settings page, you will be prompted to grant Clearlogin admin access to your G Suite account.
Click on Grant Admin Access, and then log into your G Suite admin account and follow Google's log in prompts.
Note: Best practices dictate that you use a designated service account for logging into G Suite during this step. This is to avoid losing functionality in case an administrator whose account could be used to do this has their account disabled (IE: if they leave the organization).
Click on Allow when presented with the below prompt.
Afterwards you will be brought back to the following screen on your Clearlogin dashboard.
As you can see, "Sync password on login" is already checked by default. Leave this box checked in order to have your passwords re-sync'd upon every successful login. This will stop users from being unable to access G Suite after changing their G Suite password.
Another important checkbox is "Sync when changed", which re-syncs passwords after every Clearlogin Change Password attempt. You should use this if you choose to not use the "Sync password on login option". It is however preferable that you leave both "Sync password on login" and "Sync when changed" simultaneously checked.
If you wish to remove the above configured functionality and revoke Clearlogin's administrative access to your G Suite account, please click on the Remove Admin Access button at the bottom of the page.
Note: The Directory Sync portion of the G Suite Settings Page is for synchronizing G Suite Directory to Clearlogin Directory. This is for Identity Management purposes and is explained in this article.
- On the right side of the G Suite Settings page you will see the following.
As the tool-tip above suggests, please navigate to https;//admin.google.com, click on Security, and then select Set up single sign-on (SSO).
- On the above screen, fill out the Sign-in page URL, Sign-out page URL, and Change password URL with the information provided by the window on the Clearlogin G Suite settings page.
- On the Clearlogin G Suite settings page, click on the G Suite Certificate & Key button.
From the proceeding page you will be able to generate and download Public Certificates which you will also have to upload to Google's servers from the G Suite admin console (under Verficiation certificate).
Congratulations, you have successfully federated your G Suite Apps with Clearlogin! You will now be able to log into Gmail, Google Docs, Google Sheets, etc via Clearlogin's dashboard.