Note:
- This document references views and actions that are only available to Echo Administrators
Requirements:
- Your institution must have a G Suite account.
- For a Echo user to authenticate using Google SSO, their Echo username must match their G Suite email address
Set up your own custom SAML app for Echo
- Sign in to your Google Admin console (admin.google.com)
- From the Admin console Home page, open Apps.
- Open Web and mobile apps.
Open the Add app dropdown, and select Add custom SAML app.
Enter the App name (Echo)
- Download the IDP metadata. You will use this when configuring Echo.
In the Service Provider Details window, add an ACS URL, an Entity ID, and a Start URL. Use the following URLS (this information can also be found at (https://api.agilixbuzz.com/SAML/USERSPACE/metadata.xml):
- ACS (AssertionConsumerService) URL: https://api.agilixbuzz.com/SAML/USERSPACE/Consumer
- Entity ID: https://api.agilixbuzz.com/SAML/USERSPACE
- Start URL: https://USERSPACE.echo-ntn.org/home
NOTE:
- Replace USERSPACE with your schools Userspace/URL
- If you have a custom URL for Echo, then your Start URL would be https://USERSPACE.CUSTOM_URL.com/home, replacing CUSTOM_URL with your custom URL.
- Leave Signed Response unchecked.
If you want to attach additional information to app (e.g., names, email, titles, etc):
- Click Add mapping.
- Open the Google directory attributes dropdown, and select the desired attribute for everything you want to add.
- Provide the information in the App attributes fields.
- Click Finish.
You can define a maximum of 1500 attributes over all apps. Because each app has one default attribute, the total amount includes the default attribute plus any custom attributes you add. In the Basic Application Information window, add an application name (e.g., Echo) and description.
Google shows you a summary of the SAML configuration. From this screen you can make changes, including turning the app on or off for everyone.
Turn on SSO to your new SAML app
- Sign in to your Google Admin console (admin.google.com)
- From the Admin console Home page, open Apps.
- Open Web and Mobile apps.
Click your new SAML app.
Click the User access card.
- At the left, the top-level organization and any organizational units appear. Ensure that your user account email IDs match those in the domain for your Google service (e.g., studentname@school.com).
- Select ON for everyone to enable SSO for the listed organizations.
- Save.
Once enabled some users will be able to attempt to authenticate into Echo with their Google credentials. However, they will not successfully be able to do so until you have configured Echo to use the Google SSO in the following sections.
Configure Echo to use the new Google SSO
Go to the Admin app in Echo for the USERSPACE you configured in Google, and from Domain select Domain Settings from the vertical menu.
- On the Authentication card, select SAML as your authentication Type (Do not choose the "old version" of SAML)
- Click Add identity provider (IdP).
- Provide the Login prompt. This is what appears on the login button. If you have only one IdP, this defaults to Login, if you have more, you can label them appropriately.
- Upload the idp-meta XML file that you downloaded from Google.
- The Metadata resource path and Provider ID are automatically populated.
- Click Done.
- Provide a Logout redirect URL if you want users to be taken to somewhere other than the Echo login screen with they sign out.
- Indicate if you want to Prevent users form using Echo credentials.
- If you don't select this, you have the option to Allow users to create their own accounts rather than requiring they be created for them. You will also be able to set up your password policy.
Verify SSO between your Google service and Echo
- Go to your Echo login page.
- Click Login to launch the Google SSO.
- Enter your G Suite credentials.
- After your G Suite credentials are authenticated you will be automatically redirected back to your Echo home page.
Echo is constantly being improved based on the feedback from users and we strive to keep our documentation up to date. If this document doesn’t match what you are seeing in Echo, please let us know.
Comments
0 comments
Please sign in to leave a comment.