Audience: ClassLink Administrator
ClassLink can become your 3rd party SSO provider by following these steps in the Google Admin Console. If you need further assistance, please contact firstname.lastname@example.org.
1. Open your G Suite Admin Console at https://admin.google.com.
2. Click the Security option.
3. Click Set up single sign-on (SSO).
4. Click the Download IDP Metadata button in the Certificate 1 field. This file will be needed in a later step. Keep the Google Admin Console open in a separate tab, as you will need to return to the console towards the end of this process.
5. In ClassLink, open up the ClassLink Management Console from My Apps
6. Single Sign-On -> SAML Console
7. In the SAML Console -> click Copy Existing in the top menu.
8. Click Copy for the G Suite entry.
9. Click the Tasks icon (…) -> click Edit from the drop-down menu.
10. Click metadata text, which is found underneath the Metadata URL input field.
11. Open the IDP metadata file that you downloaded from the Google Admin Console in a text editor (e.g. Notepad).
12. Copy the entire contents of the file -> paste it into the Metadata field of the ClassLink IDP Console.
13. Under Login URL, put your custom URL code (not the whole URL!).
14. Check the box for Use custom certificate for signing -> click the Create One button.
15. In the Consumer Service Url (post) field, replace YOUR_G_SUITE_DOMAIN with your school’s G Suite domain.
16. Click Update, to save all settings and return to the main listing of the ClassLink IDP Console.
17. Click the Tasks icon (…) again -> click Download IDP Certificate. You will need this file in a moment.
18. Click the arrow next to the G Suite IDP Metadata URL (middle column) -> click Copy IDP Single Sign On Service URL.
19. Return to the Google Admin Console’s Security section -> check the box for Setup SSO with third party identity provider.
20. Under Verification certificate -> click Choose File -> select the IDP certificate downloaded from the ClassLink IDP Console (file will be named idp_certificate.crt).
If you do not see Choose File -> click Replace certificate.
21. Click the Upload button.
22. In the Sign-in page URL field -> paste the IDP Single Sign On URL that was copied from the ClassLink IDP Console.
23. In the Sign-out page URL, paste in the following URL: https://launchpad.classlink.com/logout?customurl=(EnterLoginURL)
24. Click Save.
25. In another browser, navigate to one of the G Suite services for your district (e.g. https://drive.google.com/a/your_domain). Google should now redirect you to your LaunchPad URL for authentication.
Updated: Feb 2019