Google Apps as Identity Provider

Question

Is it possible to use Google Apps as the identity provider in a SAML SSO set up? I was planning on using simpleSAML.php and I know you can build in authentication modules but I wondered if it was possible to build an authentication module using Google as the identity provider via the provisioning API?

We are going to be deploying Chromebooks - and they don't yet integrate with SSO, only with the main Google Apps user list. So rather than work of something like Ping Identity, it would be better just to use Google Apps as our identity provider to authenticate our other web apps.

Hope that makes sense.

Answer 1

YES, since a few months ago. It is actually pretty simple. You can follow this two links for current info:

https://support.google.com/a/answer/6087519?hl=en

https://robinpowered.com/blog/how-to-set-up-saml-with-google-apps/

Answer 2

Google (Apps) accounts can be used as an OpenID identity provider. By implementing your app as as a relying party, you could authenticate your users based on their Google accounts. Much like stackoverlow Google login: http://code.google.com/googleapps/domain/sso/openid_reference_implementation.html

With SAML SSO, Google acts as a relying party. While its possible to use provisioning API and clientLogin, this is not supported and is possibly against Google Apps ToS,