Articles in this section

See more

GSuite SAML

   Product: LaunchPad   

Audience: ClassLink Administrator

 

ClassLink can become your 3rd party SSO provider for Google SSO by following these steps in the Google Admin Console. This will allow users to log into their Chromebooks using ClassLink instead of their Google credentials.  If you need further assistance, please contact helpdesk@classlink.com.

 

1. Open your G Suite Admin Console at https://admin.google.com.

 

43fab53-admin.png

 

2. Click the Security option.

 

mceclip1.png

 

3. Click Set up single sign-on (SSO) for SAML applications.

 

mceclip0.png

 

4. Click the Download IDP Metadata button in the Certificate 1 field. This file will be needed in a later step. Keep the Google Admin Console open in a separate tab, as you will need to return to the console towards the end of this process.

 

0db62f4-GSuite_SAML_Setup2.png

 

5. In ClassLink, open up the ClassLink Management Console from My Apps

 

5949962-cmc.png

 

6. Single Sign-On -> SAML Console

 

e255abb-SAML_Console.png

 

7. In the SAML Console -> click Copy Existing in the top menu.

 

36e6be3-copy.png

 

8. Click Copy for the G Suite entry.

 

51c1c10-gsuite.png

 

9. Click the Tasks icon () -> click Edit from the drop-down menu.

 

759757e-edit.png

 

10. Click metadata text, which is found underneath the Metadata URL input field.

 

66f7bdc-meta_txt.png

 

11. Open the IDP metadata file that you downloaded from the Google Admin Console in a text editor (e.g. Notepad).

 

12. Copy the entire contents of the file -> paste it into the Metadata field of the ClassLink IDP Console.

 

7e6e80e-clmeta.png

 

13. Under Login URL, enter the appropriate URL based on your goal of having the camera automatically activated for QuickCard use or to have the ClassLink login page replace your Google login screen.

  • To have the camera activated, copy and paste the URL below using the end portion of your custom ClassLink login URL  (example below):

quickcard?school_code=DEMO&chromebook=1

 

Note: Replace "DEMO" with the end of your custom ClassLink URL. 

 

mceclip0.png

mceclip1.png

 

  • To have the ClassLink login page replace your Google login page (if your authenticate into ClassLink with AD credentials, copy and paste the URL below using the end portion of your custom ClassLink login URL  (example below):

  •  

    Note: This option is only available to schools that authenticate into ClassLink using Active Directory credentials.

     

  • DEMO?chromebook=1

  •  

    Note: Replace "DEMO" with the end of your custom ClassLink URL. 

     

 

 

       mceclip0.png

mceclip3.png

 

14. Check the box for Use custom certificate for signing -> click the Create One button.

 

f83ab3e-customcert.png

 

15. In the Consumer Service Url (post) field, replace yourprimarydomain.org with your school’s G Suite domain.

 

mceclip0.png

 

16. Click Update, to save all settings and return to the main listing of the ClassLink IDP Console.

 

79c8c35-up.png

 

17. Click the Tasks icon () again -> click Download IDP Certificate. You will need this file in a moment.

 

e6fce27-samlidpcert.png

 

18. Click the arrow next to the G Suite IDP Metadata URL (middle column) -> click Copy IDP Single Sign On Service URL.

 

9ac9901-gs.png

 

19. Return to the Google Admin Console’s Security section -> click on Set up single sign-on (SSO) with a third party IDP -> check the box for Setup SSO with third party identity provider.

 

mceclip2.png

 

20. Under Verification certificate -> click Choose File -> select the IDP certificate downloaded from the ClassLink IDP Console (file will be named idp_certificate.crt).

 

9a9cef1-choose.png

 

If you do not see Choose File -> click Replace certificate.

 

mceclip3.png

 

21. Click the Upload button.

 

57a9dcf-upload.png

 

22. In the Sign-in page URL field -> paste the IDP Single Sign On URL that was copied from the ClassLink IDP Console.

 

mceclip4.png

 

23. In the Sign-out page URL, paste in the following URL: https://launchpad.classlink.com/logout?customurl=CustomLoginURLCODE

 

Note: Not sure of your Custom Login URL? The login page URL is located in the ClassLink Management Console under Settings>Login Page. Copy that URL that is associated with your Domain. See image below.

 

 loginurl.png

Replace the highlighted text below with your Custom Login URL

mceclip5.png

 

Example: https://launchpad.classlink.com/logout?customurl=ABCDistrict

 

24. To apply these settings to only specific organizations, set the network mask to 1.1.1.1/32 in the network masks field. Do not check "Use a domain specific issuer."

 

Note If you do not apply the network mask, all GSuite logins across your domain will be routed to ClassLink.

  

 

Note: If your authentication method into ClassLink is with Google credentials, you MUST set a network mask.  

  

network_mask.png

25. Click Save.

 

e904f82-save.png

 

26.  Click here for Phase 2.  This phase is where you will configure your user and device settings for Chromebook logins.

 

Updated: May 2020

Related articles