Articles in this section

See more

GSuite SAML

   Product: LaunchPad   

Audience: ClassLink Administrator

 

ClassLink can become your 3rd party SSO provider for Google SSO by following these steps in the Google Admin Console.  If you need further assistance, please contact helpdesk@classlink.com.

 

1. Open your G Suite Admin Console at https://admin.google.com.

 

43fab53-admin.png

 

2. Click the Security option.

 

mceclip1.png

 

3. Click Set up single sign-on (SSO) for SAML applications.

 

mceclip0.png

 

4. Click the Download IDP Metadata button in the Certificate 1 field. This file will be needed in a later step. Keep the Google Admin Console open in a separate tab, as you will need to return to the console towards the end of this process.

 

0db62f4-GSuite_SAML_Setup2.png

 

5. In ClassLink, open up the ClassLink Management Console from My Apps

 

5949962-cmc.png

 

6. Single Sign-On -> SAML Console

 

e255abb-SAML_Console.png

 

7. In the SAML Console -> click Copy Existing in the top menu.

 

36e6be3-copy.png

 

8. Click Copy for the G Suite entry.

 

51c1c10-gsuite.png

 

9. Click the Tasks icon () -> click Edit from the drop-down menu.

 

759757e-edit.png

 

10. Click metadata text, which is found underneath the Metadata URL input field.

 

66f7bdc-meta_txt.png

 

11. Open the IDP metadata file that you downloaded from the Google Admin Console in a text editor (e.g. Notepad).

 

12. Copy the entire contents of the file -> paste it into the Metadata field of the ClassLink IDP Console.

 

7e6e80e-clmeta.png

 

13. Under Login URL, put your custom URL code (not the whole URL!).

 

a693e5a-qc2.png

 

If you are not planning on using QuickCards, please follow the format below.

chromebookidp.png

 

14. Check the box for Use custom certificate for signing -> click the Create One button.

 

f83ab3e-customcert.png

 

15. In the Consumer Service Url (post) field, replace YOUR_G_SUITE_DOMAIN with your school’s G Suite domain.

 

c319c96-1-11-2018_3-25-47_PM.png

 

16. Click Update, to save all settings and return to the main listing of the ClassLink IDP Console.

 

79c8c35-up.png

 

17. Click the Tasks icon () again -> click Download IDP Certificate. You will need this file in a moment.

 

e6fce27-samlidpcert.png

 

18. Click the arrow next to the G Suite IDP Metadata URL (middle column) -> click Copy IDP Single Sign On Service URL.

 

9ac9901-gs.png

 

19. Return to the Google Admin Console’s Security section -> click on Set up single sign-on (SSO) with a third party IDP -> check the box for Setup SSO with third party identity provider.

 

mceclip2.png

 

20. Under Verification certificate -> click Choose File -> select the IDP certificate downloaded from the ClassLink IDP Console (file will be named idp_certificate.crt).

 

9a9cef1-choose.png

 

If you do not see Choose File -> click Replace certificate.

 

mceclip3.png

 

21. Click the Upload button.

 

57a9dcf-upload.png

 

22. In the Sign-in page URL field -> paste the IDP Single Sign On URL that was copied from the ClassLink IDP Console.

 

mceclip4.png

 

23. In the Sign-out page URL, paste in the following URL: https://launchpad.classlink.com/logout?customurl=CustomLoginURLCODE

 

Note: Not sure of your Custom Login URL? The login page URL is located in the ClassLink Management Console under Settings>Login Page. Copy that URL that is associated with your Domain. See image below.

 loginurl.png

Replace the highlighted text below with your Custom Login URL

mceclip5.png

 

Example: https://launchpad.classlink.com/logout?customurl=ABCDistrict

 

24. Set the network mask to 1.1.1.1/32 in the Network masks field. If you do not apply the network mask, all G Suite logins across your domain will be routed to ClassLink.

 

25. Click Save.

 

e904f82-save.png

 

26. Click here to view the documentation on how to use ClassLink QuickCards to log into your Chromebooks.

 

Updated: Feb 2019

Related articles

Powered by Zendesk