Implement SSO with Google SAML

Question

I have successfully set up my own application with Google SAML, but now I can't understand how do I implement SSO with Google as my IdP.

For example, according to the SAML standart, I (the service provider) should be able to send to Google IdP a logout request to logout a certain user from my system, but I can't find any info about this in google docs.

Similar thing about implementing true SSO in case I will have multiple web services, and I would want to make SSO between them - I can't find any info about that on Google SAML. After Google sends me SAML assertion with user email, that's it, I can't interact with Google, I can't create SSO between my multiple web servers.

So, does Google SAML support SSO? Because it seems to me that the only thing it does is send SAML assertion to my callback URL and that's it.

Answer 1

For example, according to the SAML standart, I (the service provider) should be able to send to Google IdP a logout request to logout a certain user from my system, but I can't find any info about this in google docs.

Google doesn't support SLO, the problem is that this fact is not officially documented, the information can only be found by third parties

Regarding to this question:

I have successfully set up my own application with Google SAML, but now I can't understand how do I implement SSO with Google as my IdP.

I'm not sure if I'm grasping the situation correctly, but I understand that you need your users created on Google to access other configured apps through SSO. In theory (based on my understanding of your question), this federation should be configured within the Admin console as a 'custom app' just like you did it following these steps

Could you elaborate a bit more about what's the behavior you are expecting?

References

• Keeper's documentation SAML setup with Google as IdP