Drupal SAML Single Sign On using Google Apps as Identity Provider

The Drupal SAML integration using the miniOrange SAML SP module establishes seamless SSO between Google Apps and the Drupal site. The users will be able to log in to the Drupal site using their Google Apps credentials. This document will walk you through the steps to configure Single Sign-On - SSO between Drupal as a Service Provider (SP) and Google Apps as an Identity Provider (IdP). The module is compatible with Drupal 7, Drupal 8, Drupal 9, and Drupal 10.

Drupal SAML SP Metadata:

• After installing the module on your Drupal site, in the Administration menu, navigate to Configuration → People → miniOrange SAML Login Configuration. (/admin/config/people/miniorange_saml/idp_setup)

• Copy the SP Entity ID/Issuer and the SP ACS URL from the Service Provider Metadata tab. Keep it handy. (This is required to configure Google Apps as IdP.)

Configure SAML Single Sign-On Application in Google Apps:

• Login into your G-Suite Administration account.
• Navigate to the Apps from the left panel and click on Web and mobile apps.

• Click on the Add app, and select the Add custom SAML app from the dropdown.

• Enter the App name and Description (optional). Click on the CONTINUE.

• Click on the DOWNLOAD METADATA button. Keep the downloaded file handy. (This is needed to configure Drupal as SAML SP.)

• Paste the copied SP Entity ID/Issuer and SP ACS URL (from Drupal site) into the Entity ID and ACS URL text field, respectively. Click on CONTINUE.

• In the Attribute mapping panel, select a user field from the dropdown under the Google Directory attribute (First name) and the corresponding attribute key to be sent in the response (field_fname). You can add more attributes using ADD.

Add Users to Google (G Suit) Application:

• In the Google Admin console, navigate to Menu → Apps → Web and mobile apps.
• Select the application that you have created on Google Apps. (In this case, Drupal_SAML).
• Click on the User access

• Enable the checkbox ON for everyone and click on the SAVE button.

Configure Drupal as SAML Service Provider:

• Navigate to the Service Provider Setup tab of the Drupal site and click on Upload IDP Metadata.
• Choose the metadata file that you downloaded from Google Apps and click on the Upload File button.


Note: To update Identity Provider Name, follow these steps:

• Under Action, select the Edit.
• Enter Google Apps in the Identity Provider Name text field.
• Scroll down and click on the Save Configuration button.


• Click on the Test link to test the connection between Drupal and Google Apps.

• On a Test Configuration popup sign in using Google App credentials (if an active session is not present). After successful authentication, a list of attributes that are received from Google App will be displayed. Click on the Done.

Congratulations! you have successfully configure Google App as SAML Identity Provider (IdP) and Drupal as SAML Service Provider.

How does SAML SSO login work?

• Open a new browser/private window and navigate to the Drupal site login page.
• Click the Login using Identity Provider (Google App) link.
• You will be redirected to the Google App login page. Enter the Google credentials. After successful authentication, the user will be redirected back to the Drupal site.