Key9 Identity
  • Welcome To Key9 Identity
  • SSH
    • Installation & Setup
      • MacOS Yubikey Smartcard/PIV instructions.
        • 1. Installation of MacOS software
        • 2. Changing the Yubikey PIN.
        • 3. Generating Keys and Certificates for the Yubikey
        • 4. Enrolling the public key to Key9
        • 5. Testing and configuring SSH
      • Windows Yubikey Smartcard/PIV instructions
        • 1. Installation of Windows software.
        • 2. Getting the system ready for libykcs11.dll
        • 3. Adding libykcs11.dll to SSH configurations.
        • 4. Generating Keys and Certificates for the Yubikey
        • 5. Enrolling the public key to Key9
        • 6. Testing your SSH key.
      • OpenSSH with Yubikey / FIDO2 protected keys
        • 1. Prerequisites
        • 2. OpenSSH command for Yubkey FIDO2
        • 3. Enrolling your public key to Key9
        • 4. Testing your SSH key
      • Setting a Yubikey PIN without Yubikey software.
        • 1. Using Key9 "registration" to register a new Yubikey PIN.
        • 2. Using "webauthn.io" to register a new Yubikey PIN.
      • RSA Password Protected SSH Key
        • 1. Key9 Settings to allow RSA
        • 2. Generating RSA SSH Key
        • 3. Enrolling your public key to Key9
        • 4. Testing your SSH key
      • Determine your Yubikey Type
        • 1. Linux "lsusb" command
        • 2. MacOS "ioreg" command
        • 3. Windows 11
      • Useful External Links
      • Windows Powershell with Yubikey/FIDO2-protected SSH keys
        • 1. Download OpenSSH for Windows.
        • 2. Setting up your SSH keys
        • 3. Enrolling your public key to Key9
      • Technical Notes
        • Pop!_OS - "agent refused operation"
      • Key9 SSH for Debian 12 [Bookworm] Howto
        • 1. Installing GPG
        • 2. Configuring the Key9 Debian 12 Repo.
        • 3. Configuring the Key9 SSH client
        • 4. Configuring Name Service Switch [/etc/nsswitch.conf]
        • 5. Configuring the OpenSSH server
        • 6. Modifying "sudoers" [optional]
        • 7. Configuring "k9-tail" for logs [optional]
        • 8. Automatic home directory creation [optional]
  • Web
    • Marketplace Applications
      • Amazon Web Services
      • Atlassian Jira
      • Cyera
      • GitBook
      • Google Workspace
      • KnowBe4
      • LibreNMS
      • NetBox
      • SentinalOne
      • Wiz
Powered by GitBook
On this page
  1. Web
  2. Marketplace Applications

Google Workspace

Configuring Key9 Identity SAML SSO with Google Workspace

PreviousGitBookNextKnowBe4

Last updated 4 months ago

To setup Google Workspace, we just need two pieces of information.

The only required parameter is the user email address, so we will assign the default SamlID field as that parameter.

  1. Workplace Domain:Enter the domain you registered with Google Workspace (do not include https://). Example: yourcompany.com

  2. Start App:This is the default Google Application that you will be redirected to after login (lowercase). Examples: dashboard, mail, calendar

You will need to be able to access the Admin Console to setup SSO.

After you have created your Key9 application, click the SSO tab in the side navigation. This will contain information needed to configure Google Workspace.

  1. Sign in to your Google Admin console.

  2. In the Admin console, go to Menu and then Security and then Authentication and then SSO with third party IdP.

  3. In Third-party SSO profiles, click Add SAML profile.

  4. Enter a name for the profile (Key9 Identity).

  5. (Optional) You can Download SAML Metadata file from the side navigation of your Key9 application, then click upload XML file to provide IdP information, then skip to Step 8

  6. Fill in the following information:

    1. Copy the Key9 SSO url to the Sign-in page URL field.

    2. Copy the Key9 SLO to the Sign-out page URL field.

  7. Enter a change password URL for your IdP... LOL, just kidding we don't use those things!

  8. Click Upload certificate to upload your certificate file. (To view and copy the x509 certificate in Key9, select View Certificate Details from the Certificate Options dropdown menu, then click the copy icon.)

  9. Click Save.

-------------------

By default, applications are not active upon creation. Active applications are immediately available to assign groups. Applications should only be activated when you have configured the Service Provider (SP).

Google documentation can be found here.