Users will have a consistent, streamlined login experience. To mitigate the user experience friction of JC <> GWS directory integration - where user is allowed to change the GWS' pw separately.
Use Cases
Scenario A - User has ONLY GWS account.
- There are OUs / Groups are NOT entitled corp devices, and the account is NOT managed in JC (to save the license cost):
- Contractors, external consultants whom have limited access to corp app / data.
- They are using GWS mainly via Chrome (managed) on any devices.
Scenario B - User has both GWS and JC accounts.
- I.e. full time employee’s accounts are managed by JC, as well as their devices.
- User passwords are:
- Managed by JC.
- MFA on JC.
- When users trying to change their password on GWS, will be redirected to JC.
Overview diagram
How to set it up
- Setup SSO with GWS in your JC tenant, follow the steps here.
- You can find the YOURDOMAIN on GWS, by going to Account → Domains → Manage Domains, use the one with type Primary Domain .
- Once done and saved, flip to GWS admin console to continue the steps.
- Make sure the Entity ID and ACS URL values in the SAML profile you created are copied back to JC’s SSO setting:
And assign the SAML profile to the desired OUs.
Or assign to the desired groups.
- Done.
Note: For the SSO connectors setup on GWS - User accesses will remain intact if JC SSO is enabled on their OUs / Groups.
Reference links (Google):
Set up SSO for your organization - Google Workspace Admin Help
Single Sign On (SSO) with Google Workspace
Pre-integrated SAML apps catalog - Google Workspace Admin Help
Amazon Web Services cloud application - Google Workspace Admin Help
