As the administrative user for your Google Workspace domain, log in to the Google Workspace Admin page.
Then select Apps > SAML Apps from the menu on the left-hand side of the screen (“hamburger menu”).
On the following screen, click the yellow plus (+) symbol in the bottom left to add a new SAML Application. Then select “Setup my own custom app”.
On the next screen, save the SSO URL and Entity ID, and download the certificate.
On the next page, enter an Application Name that matches your Access Anywhere system, add any Description or Logo you would like, and click Next.
Next fill out the “Service Provider Details” like so:
ACS URL = Access Anywhere URL + “/saml.htm” - ex: https://filefabric.fileserverapp.com/saml.htm
Entity ID = Access Anywhere URL - ex: https://filefabric.fileserverapp.com/
Start URL = Access Anywhere URL - ex: https://filefabric.fileserverapp.com/
Name ID = Leave as Default: Basic Information > Primary Email
Name Format = Leave as Default: Unspecified
We will set up the following mappings in the Attribute Mapping Section:
Username > Basic Information > Primary Email
email > Basic Information > Primary Email
fullname > Basic Information > First Name
groups > Employee Details > Department
phone > Contact Information > Phone Number
upn > Basic Information > Full Name
Click Finish to complete the setup of the SAML App.
Finally, select the three-dot menu for the app and select “ON for everyone” to enable all of your Google Workspace users to use this app.
As the Org admin, we will now enable SAML authentication in Access Anywhere.
Click on: Organization > Auth Systems.
Select: Auth System > SAML 2
Fill in the following details:
Auth System Name - Google Workspace SAML
Login Button label - The text displayed on the login button on the Access Anywhere login page. Use something that users will understand, like “Login with Google”.
The service provider entity ID - Enter the Entity ID you saved from the Google SAML App setup screen
SSO Entry point - Enter the SSO URL you saved from the Google SAML App setup screen
Logout Service Endpoint - https://accounts.google.com/Logout
Certificate Data - Enter the certificate text you downloaded from the Google SAML App setup screen
Fetch User Role\Group Name by id - Leave unchecked
Auto create user on login - Check if you would like users to be auto provisioned when logging in via SAML
Update user roles/groups on login - Check if you would like Access Anywhere roles to be updated on user login
Update user info on login - Check to update all user information on SAML login
User Import Fields
Ensure the following mappings are set:
Unique user attribute > username
User login field > username
User Name field > fullname
User email field > email
Role\Group name field > groups
User Phone field > phone
Click Test and then Update to save these settings.
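To confirm that the attribute names sent by Google line up with the User Import Fields above, the following added example (not part of the original guide or the Access Anywhere product) checks a decoded SAML assertion from your own test login for the five expected attributes. The sample assertion is constructed, exact case-sensitive name matching is an assumption, and the script does not verify the assertion's signature.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Attribute names referenced by the User Import Fields in this guide.
EXPECTED = ["username", "fullname", "email", "groups", "phone"]

# Constructed sample assertion (not captured from a real login). It uses the
# app attribute names listed in the Google Attribute Mapping step.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="Username"><saml:AttributeValue>jane@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="email"><saml:AttributeValue>jane@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="fullname"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="groups"><saml:AttributeValue>Engineering</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="phone"><saml:AttributeValue></saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="upn"><saml:AttributeValue>Jane Doe</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def read_attributes(assertion_xml):
    """Return {attribute name: [non-empty values]} from an assertion."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        attrs[attr.get("Name")] = [v for v in values if v]
    return attrs

def check_mapping(assertion_xml, expected=EXPECTED):
    """Return {expected name: 'ok' | 'empty' | 'case mismatch: X' | 'missing'}."""
    attrs = read_attributes(assertion_xml)
    by_lower = {name.lower(): name for name in attrs}
    report = {}
    for name in expected:
        if name in attrs:
            report[name] = "ok" if attrs[name] else "empty"
        elif name.lower() in by_lower:
            report[name] = "case mismatch: " + by_lower[name.lower()]
        else:
            report[name] = "missing"
    return report

if __name__ == "__main__":
    for field, status in check_mapping(SAMPLE_ASSERTION).items():
        print(f"{field:10} {status}")
```

Any field reported as missing, empty, or a case mismatch points at the Google attribute mapping entry to recheck before enabling “Auto create user on login”.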