Add Google G Suite as a single sign-on provider


Prerequisites:
  • Sso > Provider > Add, Delete, Edit, View permissions
  • Admin role in your organization’s Google G Suite account
  • User email addresses are the same in both Google G Suite and PureCloud

Add PureCloud as an application that organization members can access with the credentials to their Google G Suite account.

Notes:
  • PureCloud does not support assertion encryption for single sign-on third-party identity providers. The PureCloud login service requires Transport Layer Security (TLS). Since the channel is encrypted, there is no need to encrypt parts of the message.
  • Administrators can optionally disable the default PureCloud login and enforce authentication using an SSO provider only. For more information, see Configure PureCloud to authenticate with SSO only.

Configure Google G Suite

Create a custom PureCloud application

  1. In the Admin console, click Google > Apps > SAML.
  2. Click (+) in the bottom right corner.
  3. In Step 1 Enable SSO for SAML Application, click Setup my own custom app.
  4. In Step 2 Google IdP Information, complete the following fields. Leave the remaining fields blank or at the default settings.
    In this field...    Do this...
    SSO URL             Copy and save this URL to use as the Target URI in the PureCloud configuration.
    Entity ID           Copy and save this URL to use as the Issuer URI in the PureCloud configuration.
    Certificate         Download the certificate.
  5. In Step 3 Basic Information for your Custom App, complete the following field. Leave the remaining fields blank or at the default settings.
    In this field...    Type this...
    Application Name    Type your PureCloud application name.
  6. In Step 4 Service Provider Details, complete the following fields. Leave the remaining fields blank or at the default settings.
    In this field...    Type this...
    ACS URL             Type the URL for the AWS region where your PureCloud organization is located:
                        US East (N. Virginia): https://login.mypurecloud.com/saml
                        EU (Ireland): https://login.mypurecloud.ie/saml
                        EU (Frankfurt): https://login.mypurecloud.de/saml
                        Asia Pacific (Sydney): https://login.mypurecloud.com.au/saml
                        Asia Pacific (Tokyo): https://login.mypurecloud.jp/saml
    Entity ID           Type a unique string that you want to use to identify the Entity ID, for example: mypurecloud.com/google
    Name ID Format      From the list, select TRANSIENT.
  7. In Step 5 Attribute Mapping, leave the default settings.
  8. Click Finish.

Get the certificate for PureCloud configuration

  1. Open the certificate file you downloaded with a plain text editor and do the following steps:
    1. Delete the lines "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----".
    2. Save the certificate file.
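
The manual edit above can also be scripted. The following is an added example, not part of the original page or PureCloud's own tooling: it removes the BEGIN/END lines and, going beyond the manual steps, rejects files that hold anything other than one certificate and computes a SHA-256 fingerprint to compare with the one the identity provider displays, if it shows one. The function name strip_pem_armor and the sample data are assumptions made for illustration.

```python
import base64
import binascii
import hashlib
import re

# Matches one PEM block and captures its label and base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL
)


def strip_pem_armor(pem_text):
    """Return (base64_body, sha256_fingerprint) for a file holding one certificate."""
    blocks = PEM_BLOCK.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly one PEM block, found {len(blocks)}")
    label, body = blocks[0]
    if label != "CERTIFICATE":
        # Never upload key material in place of the IdP signing certificate.
        raise ValueError(f"unexpected PEM block type: {label}")
    body = "".join(body.split())  # drop line breaks and stray whitespace
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"body is not valid base64: {exc}") from exc
    # An X.509 certificate is a DER SEQUENCE, so the first byte is 0x30.
    if not der.startswith(b"\x30"):
        raise ValueError("decoded body does not look like DER")
    digest = hashlib.sha256(der).hexdigest().upper()
    fingerprint = ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))
    return body, fingerprint


# Constructed sample: placeholder bytes with a DER SEQUENCE header, not a real certificate.
SAMPLE_DER = b"\x30\x82\x00\x20" + bytes(range(32))
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + "\n".join(SAMPLE_B64[i:i + 16] for i in range(0, len(SAMPLE_B64), 16))
    + "\n-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    body, fp = strip_pem_armor(SAMPLE_PEM)
    print(body)            # text to save as the certificate file
    print("SHA-256:", fp)  # compare with the fingerprint the IdP shows, if any
```
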

Configure PureCloud

    1. In PureCloud, click Admin.
    2. Under Integrations, click Single Sign-on.
    3. Click the Google G Suite tab.
    4. Type the identity provider metadata gathered from Google G Suite.
      In this field...    Do this...

      Certificate
        1. Click Browse.
        2. Select the certificate you saved and click Open.

      Issuer URI
        Type the Entity ID from Step 2 Google IdP Information in the Google G Suite PureCloud custom application, for example:
        https://accounts.google.com/o/saml2?idpid=C0151g8I9

      Target URI
        Type the SSO URL from Step 2 Google IdP Information in the Google G Suite PureCloud custom application, for example:
        https://accounts.google.com/o/saml2/idp?idpid=C0151g8I9

      Relying Party Identifier
        Type the Entity ID from Step 4 Service Provider Details in the Google G Suite PureCloud custom application, for example: mypurecloud.com/google

      Note: The Entity ID in Google IdP Information and the Entity ID in the Service Provider Details for your PureCloud application have different values and functionality.

    5. Click Save.