Shared GMail account with SAML

08/14/2014

SAML is a protocol that lets an identity provider securely assert a user's identity to a service. Using an identity provider which supports SAML, you can set up Single Sign-On. However, if you have multiple people sharing a GMail account, things get a little tricky. Here's how you can set that up in Okta, which is one such identity provider.

Application: Template SAML 2.0

General:

Post Back URL: https://www.google.com/a/<domain>/acs
Name ID Format: EmailAddress
Recipient: https://www.google.com/a/<domain>/acs
Audience Restriction: google.com
authnContextClassRef: PasswordProtectedTransport
Response: Signed
Assertion: Signed
Request: Compressed
Destination: https://www.google.com/a/<domain>/acs
Default Relay State: https://gmail.google.com/a/<domain>

Sign On:

SAML Issuer ID: google.com/a/<domain>
Default username format: Custom – <SharedEmail>

When you assign this application to someone, make sure that the SharedEmail is filled in as the username.
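
To confirm an assignment matches the settings above, the fields of the SAML response can be compared against them. The Python check below is an added example, not part of the original post: the domain example.com, the mailbox shared@example.com and the function names are assumptions, as is the mapping of SAML Issuer ID to the assertion's Issuer element, and the sample response is constructed and unsigned.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"

def build_sample(domain, name_id):
    """Constructed, unsigned response shaped like the settings above."""
    acs = f"https://www.google.com/a/{domain}/acs"
    return f"""<p:Response xmlns:p="{NS['p']}" xmlns:a="{NS['a']}" Destination="{acs}">
 <a:Assertion>
  <a:Issuer>google.com/a/{domain}</a:Issuer>
  <a:Subject>
   <a:NameID Format="{EMAIL_FMT}">{name_id}</a:NameID>
   <a:SubjectConfirmation><a:SubjectConfirmationData Recipient="{acs}"/></a:SubjectConfirmation>
  </a:Subject>
  <a:Conditions><a:AudienceRestriction><a:Audience>google.com</a:Audience></a:AudienceRestriction></a:Conditions>
  <a:AuthnStatement><a:AuthnContext><a:AuthnContextClassRef>{PPT}</a:AuthnContextClassRef></a:AuthnContext></a:AuthnStatement>
 </a:Assertion>
</p:Response>"""

def check_response(xml_text, domain, shared_email):
    """List fields that differ from the configured values (no signature check)."""
    root = ET.fromstring(xml_text)
    acs = f"https://www.google.com/a/{domain}/acs"
    def text(path):
        el = root.find(path, NS)
        return el.text.strip() if el is not None and el.text else None
    def attr(path, name):
        el = root.find(path, NS)
        return el.get(name) if el is not None else None
    nameid = "a:Assertion/a:Subject/a:NameID"
    got = {  # setting name -> (value in response, value configured)
        "Destination": (root.get("Destination"), acs),
        "Recipient": (attr(".//a:SubjectConfirmationData", "Recipient"), acs),
        "Audience": (text(".//a:Audience"), "google.com"),
        "Issuer": (text("a:Assertion/a:Issuer"), f"google.com/a/{domain}"),
        "NameID Format": (attr(nameid, "Format"), EMAIL_FMT),
        "NameID": (text(nameid), shared_email),  # must be SharedEmail, not the person's own login
        "AuthnContextClassRef": (text(".//a:AuthnContextClassRef"), PPT),
    }
    return [f"{k}: got {v!r}, expected {e!r}" for k, (v, e) in got.items() if v != e]
```

A response whose NameID carries the assignee's personal address instead of the shared mailbox is reported as a NameID mismatch, which is the case the SharedEmail username setting is meant to prevent.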
