Audience: ClassLink Administrator
ClassLink can become your 3rd party SSO provider for Google SSO by following these steps in the Google Admin Console. If you need further assistance, please contact firstname.lastname@example.org.
1. Open your G Suite Admin Console at https://admin.google.com.
2. Click the Security option.
3. Click Set up single sign-on (SSO) for SAML applications.
4. Click the Download IDP Metadata button in the Certificate 1 field. This file will be needed in a later step. Keep the Google Admin Console open in a separate tab, as you will need to return to the console towards the end of this process.
5. In ClassLink, open up the ClassLink Management Console from My Apps
6. Single Sign-On -> SAML Console
7. In the SAML Console -> click Copy Existing in the top menu.
8. Click Copy for the G Suite entry.
9. Click the Tasks icon (…) -> click Edit from the drop-down menu.
10. Click metadata text, which is found underneath the Metadata URL input field.
11. Open the IDP metadata file that you downloaded from the Google Admin Console in a text editor (e.g. Notepad).
12. Copy the entire contents of the file -> paste it into the Metadata field of the ClassLink IDP Console.
13. Under Login URL, put your custom URL code (not the whole URL!).
If you are not planning on using QuickCards, please follow the format below.
14. Check the box for Use custom certificate for signing -> click the Create One button.
15. In the Consumer Service Url (post) field, replace YOUR_G_SUITE_DOMAIN with your school’s G Suite domain.
16. Click Update, to save all settings and return to the main listing of the ClassLink IDP Console.
17. Click the Tasks icon (…) again -> click Download IDP Certificate. You will need this file in a moment.
18. Click the arrow next to the G Suite IDP Metadata URL (middle column) -> click Copy IDP Single Sign On Service URL.
19. Return to the Google Admin Console’s Security section -> click on Set up single sign-on (SSO) with a third party IDP -> check the box for Setup SSO with third party identity provider.
20. Under Verification certificate -> click Choose File -> select the IDP certificate downloaded from the ClassLink IDP Console (file will be named idp_certificate.crt).
If you do not see Choose File -> click Replace certificate.
21. Click the Upload button.
22. In the Sign-in page URL field -> paste the IDP Single Sign On URL that was copied from the ClassLink IDP Console.
23. In the Sign-out page URL, paste in the following URL: https://launchpad.classlink.com/logout?customurl=CustomLoginURLCODE
Replace the highlighted text below with your Custom Login URL
24. Set the network mask to 126.96.36.199/32 in the Network masks field. If you do not apply the network mask, all G Suite logins across your domain will be routed to ClassLink.
25. Click Save.
26. Click here to view the documentation on how to use ClassLink QuickCards to log into your Chromebooks.
Updated: Feb 2019