GOOGLE SAML2In this Scenario your Google Enterprise or Education Suite is acting as the SAML Identity Provider (IdP) and you are setting up EnhanceTV as a custom application in that suite.

It is recommended to review the on-line support document for setting up your own custom SAML application.

https://support.google.com/a/answer/6087519?hl=en

During this process you will supply the EnhanceTV Service Provider metadata by copying and pasting the attribute values between the Google Admin console and the following tabs on the EnhanceTV Setup SSO screen:

Service Provider Details for your Institution

Your Identity Provider Details copied from the Google application setup

There are 2 parts to enabling EnhanceTV SSO with Google:

PART 1: Create the EnhanceTV application in Google Admin console

PART 2: Add Google IDP Data to Enhance TV to complete SAML Config

AUDIENCE

Institution administrators setting up SSO for a whole Institution.

PURPOSE

Setup Google SAML integration with EnhanceTV for SSO.

Google SAMLIntegration with ETV

PART 1: CREATE THE ENHANCETV APPLICATION IN GOOGLE ADMIN CONSOLE1. Log into your Google Admin console

https://admin.google.com/

2. Click on Apps

3. Click on SAML Apps

4. Click the Add a Service/App to Your Domain link

The Step 1: Enable SSO for SAML Application modal window displays

5. Click the SET UP MY OWN CUSTOM APP link

The Step 2: Google IDP Information modal window displays

6. Open a new browser tab or window and log in to Enhance TV with an administrator account

7. Click on Manage Account

8. Click on Setup SSO

9. Click on the EnhanceTV Your Identity Provider tab

10. Return to the Google Admin console

11. Copy the following data from modal window and paste it into the corresponding field in the Your Identity Provider tab on the Enhance TV site:

Google Admin Console field Enhance TV field

SSO URL Single Sign On Service Entity endpoint

ENTITY ID SAML2 Entity ID

12. Return to the Google Admin console and click Next

The Step 3: Basic Information for your custom app modal window displays

13. In the Application Name field, type Enhance TV SSO App

14. Click Choose File and upload the EnhanceTV logo file

https://stag-fe.enhancetv.com.au/img/etv-sso-logo-256x256.png

15. Click Next

The Step 4: Service Provider Details modal window displays

16. Switch to the EnhanceTV site.

17. Copy the following data from the EnhanceTV Service Provider tab and paste it into the corresponding field in the Service Provider modal window in the Google Admin console:

Enhance TV field Google Admin Console field

SAML2 Entity ID Entity ID

Assertion Consumer Service (ACS) Endpoint URL ACS URL

NOTE:

• Leave the Start URL field blank.

• The Single Logout Service (SLS) Endpoint URL is not used by Google.

18. From the NAME ID Format field dropdown, select unspecified

19. Click Next

The Step 5: Attribute Mapping modal window displays

20. Click Finish

A confirmation message displays, including a prompt to “Add Google IDP Data to Enhance TV to complete SAML Config”

21. Click OK

The Settings for EnhanceTV SSO App screen displays

22. Click on the More Vert menu (3 vertical dots) and select On for everyone

Continue to PART 2: Add Google IDP Data to Enhance TV to complete SAML Config

PART 2: ADD GOOGLE IDP DATA TO ENHANCE TV TO COMPLETE SAML CONFIG1. Switch to the EnhanceTV website

2. Click on Your Identity Partner tab

3. Switch to your Google Admin console

4. Click the hamburger menu icon on the top left and select Security ( )

5. Click on Setup SSO

6. Copy the following data from the Set up single sign-on (SSO) pane and paste it into the corresponding field in the Your Identity Provider tab on the Enhance TV site:

Google Admin Console field Enhance TV field

SSO URL Single Sign On Service (SSO) Endpoint URL

Entity ID SAML2 Entity ID

NOTE: Leave the Single Logout Service Endpoint URL field blank. Not used by Google.

7. Return to the Setup SSO screen in Google Admin console

8. Next to Certificate 1 label, click Download Certificate

9. Open the certificate file with any text editor application

10. Copy the entire file contents and paste into the Signing field in the Your Identity Provider tab on the EnhanceTV website.

These documents are provided as a helpful guide only. Enhance TV is not responsible for the accuracy or completeness of the content within the documents or any issues arising from the application of the instructions provided. Users are advised to seek their own technical assistance from qualified experts.

11. Ensure that the Encryption Certificate - Same as Signing Certificate box is checked

NOTE: Leave the Fingerprint field blank

12. Click Save

13. Close Google Admin console