Single Sign-On (SSO) workflow with Google

Product: SP Connect, AppStore Module

Privileges: Primary Admin privileges, user privileges

 

If the provision is disabled, a user is prompted to provide existing credentials when accessing Google Apps through GG4L for the first time. The account validation process is outlined below:

  1. Emails are used as login names of Google accounts. If a user provides a username without @{domain}, the connector appends @{domain} to the username and uses the resulting value. The value of {domain} can be configured by an administrator on the connector’s configuration screen.

  2. If a user provides the username of a non-existent account, validation returns an error response.
  3. The user is redirected to the Google sign-in page and is constrained to sign in with the username provided on the Capture Credentials screen, to prove ownership of that account. This operation is performed through Google OAuth login. During validation, the user is asked for permission to read their account’s information. If permission isn’t granted, validation returns an error response. If the user enters one username on the Capture Credentials screen but logs in to Google with different credentials, validation returns an error response with a request to use the same username. Otherwise, validation is successful and the user continues with SSO.
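The three validation steps above, sketched in Python as an added example (this is not GG4L's connector code). Assumptions: `known_accounts` stands in for the account-existence lookup, `claims` is the payload of a Google ID token whose signature has already been verified, the captured username is passed to Google through the OAuth `login_hint` parameter, and all names and sample values are hypothetical.

```python
from urllib.parse import urlencode

GOOGLE_AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"


def normalize_username(raw, domain):
    """Step 1: append @{domain} when the user typed a bare username."""
    name = raw.strip().lower()
    local, sep, dom = name.partition("@")
    if not local or (sep and not dom) or "@" in dom:
        raise ValueError("malformed username")
    return name if sep else f"{local}@{domain.lower()}"


def authorization_url(username, client_id, redirect_uri, state):
    """Step 3: send the user to Google with the captured username pre-filled.
    login_hint is only a hint, so the result is re-checked in validate()."""
    return GOOGLE_AUTH_ENDPOINT + "?" + urlencode({
        "client_id": client_id, "redirect_uri": redirect_uri,
        "response_type": "code", "scope": "openid email",
        "state": state, "login_hint": username,
    })


def validate(captured, domain, known_accounts, claims):
    """Return (ok, detail). `claims` is the already-verified ID token payload,
    or None when the user refused the permission request."""
    username = normalize_username(captured, domain)
    if username not in known_accounts:                      # step 2
        return False, "account does not exist"
    if claims is None:                                      # step 3: no consent
        return False, "permission to read account information was not granted"
    signed_in = str(claims.get("email", "")).strip().lower()
    if claims.get("email_verified") is not True or signed_in != username:
        return False, f"sign in to Google with the same username: {username}"
    return True, username


if __name__ == "__main__":
    accounts = {"alice@school.example"}                     # constructed sample data
    print(validate("Alice", "school.example", accounts,
                   {"email": "alice@school.example", "email_verified": True}))
    print(validate("alice", "school.example", accounts,
                   {"email": "mallory@gmail.example", "email_verified": True}))
```

The comparison is made server-side on the email Google returns, because a pre-filled sign-in page does not by itself stop the user from switching accounts.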

If you have any questions about Single Sign-On (SSO) workflow with Google, please reach out to GG4L Customer Support.