
SAML Configuration for Google

Overview

AuthX integrates with Security Assertion Markup Language (SAML) to add two-factor authentication to Google login. This SAML integration works for different web services.

System Requirements

AuthX Authentication supports the following server operating systems.

Server

  • Windows Server 2012

  • Windows Server 2012 R2

  • Windows Server 2016

  • Windows Server 2019

AuthX Factor Support

AuthX for SAML supports these factor types for 2FA:

  • Push

  • TOTP

  • Face

  • Pin

  • Phone SMS

  • Phone Call

  • Email

  • Fingerprint

  • RFID

  • Hardware Token

Configuration Steps on AuthX & Google

Pre-Requisite

  1. Make sure you have an AuthX account. You can sign up here: https://admin.authx.com/signup

  2. Make sure you have a Google account. You can sign up here: Google

    1. The email ID used to create the account must belong to an active user (same email ID) in the AuthX portal, Google Login and the OKTA portal

AuthX Admin portal – Google application creation steps

  1. Login to AuthX Admin portal.

  2. Navigate to the Applications tab

  3. Click Protect Application and select Protect for Google

  4. Provide your inputs on the Application Name, Access Management Options, Domain Name, Cookies Expiry

    1. Application name – Random characters allowed

    2. Access Management Options

      1. SSO with AuthX Identity

        1. Login using AuthX Registered Email address and password followed by the authentication factor enrolled for the user

      2. SSO with 3rd party Identity Provider

        1. Login using configured 3rd party SAML identity provider

      3. SSO with MFA for 3rd Party Identity Provider

        1. Login using configured 3rd party SAML identity provider followed by authentication factor enrolled for the user in AuthX

      4. Passwordless SSO with AuthX Identity

        1. Use any of the enrolled authentication factor in AuthX to access the application

    3. Domain Name

      1. Input your domain details here

    4. Cookies Expiry

      1. Select any options listed here

        1. One time

          1. The user must provide the username and password on every login

        2. 8 hours

          1. The user must provide the username and password at login every 8 hours

        3. One day

          1. The user must provide the username and password at login every 24 hours

        4. Max (7days)

          1. The user must provide the username and password at login once every 7 days

    5. Save the application

Google Configuration

  1. Login to Google Admin account, Google Admin

  2. Select Security Tab

  3. Scroll down and select Setup single signon (SSO) with third party IDP

  4. Edit the SSO profile for your organization

  5. For Signin page URL, Signout page URL & Replace Certificate details, do the following

    1. Copy paste the Signin URL and Signout URL from AuthX Admin portal mentioned in AuthX Admin portal – Google application creation steps → Step 4

    2. Go to AuthX Admin Portal-> Settings-> Certificate Management and download the certificate

  6. Now save the configuration

  7. Logout from Google Admin account

SAML as IDP – Google (SSO with AuthX Identity)

  1. Pre-requisite – Make sure you are logged out from AuthX Admin and Google Admin account

  2. Login to AuthX User portal mentioned in Configuration Steps on AuthX & Google ->Pre-Requisite → Step 2 a

  3. Navigate to Applications → Auth Applications tab

  4. Launch the Google application from here

  5. A new tab opens up SAML login and it auto redirects to Gmail Inbox

  6. User redirected to Gmail Inbox

SAML as SP – Google (SSO with AuthX Identity)

  1. Go to Google Admin

  2. Login with the Google Me user mentioned in Configuration Steps on AuthX & Google ->Pre-Requisite → Step 2 a

  3. Redirects to SAML Login

  4. Use the AuthX User portal credentials mentioned in Configuration Steps on AuthX & Google ->Pre-Requisite → Step 2 a

  5. Use any of the Auth factors to successfully login

  6. User redirected to Gmail Inbox

SAML as IDP – Google (SSO with 3rd party Identity Provider OKTA)

Application & Okta setup updates

Identity Provider creation

  1. Login to AuthX admin portal

  2. Navigate to Identity Provider

  3. Select Add Identity provider

  4. Fill in the mandatory details (Mentioned below in OKTA Identity Provider Setup Step 6)

  5. Set the application status to Active

  6. Save the application

OKTA Identity Provider setup

  1. Go to https://dev-74176585.okta.com/login/login.htm

  2. Login as an Okta Admin account

  3. Navigate to Applications and select Applications

  4. Select AuthX SAML

  5. Choose Sign On Tab and select View Setup Instructions

  6. Copy paste the following details in above mentioned Identity provider creation-> Step 4

    1. Identity Provider Single Signon URL,

    2. Logout URL

    3. Identity provider Issuer

    4. Download Certificate

OKTA – AuthX Identity Provider Configuration

  1. After the Identity provider application is saved, go to Okta login and navigate to Applications

  2. Select Applications and select AuthX SAML

  3. Choose General Tab and edit the SAML Settings

  4. On the General Settings, click Next

  5. On the Configure SAML page, fill these details “Single sign on URL, Single Logout URL, Audience URI (SP Entity ID), SP Issuer & Signature Certificate” from AuthX Admin portal. Follow the below steps,

    1. Login to AuthX Admin Portal → Identity Provider → Edit the OKTA application (which was created in Identity Provider creation → Step 4)

    2. Click on Download Metadata

    3. Open the downloaded metadata file in Notepad and copy paste the Signin & Signout URL in above mentioned Configure SAML → Step 5

  6. Now go back to the Configure SAML step and paste the following details:

    1. Single Sign in URL

    2. Single Logout URL (Click Show Advanced Settings)

    3. Audience URI (SP Entity ID) and SP Issuer field – Update the respective AuthX company hostname

    4. Signature Certificate

      1. Go to AuthX Admin portal

      2. Navigate to Settings-> Certificate Management

      3. Download the certificate & upload it here and click on Next

    5. Click Finish on the Feedback

    6. Logout from OKTA admin account
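
The metadata step above (open the downloaded file in Notepad and copy the URLs) can also be done with a short script that reads out the entity ID, the sign-in and sign-out URLs and a certificate fingerprint to compare against the file uploaded as Signature Certificate. This is an added example, not AuthX code: it assumes the download is a standard SAML 2.0 metadata document, and the host, paths and certificate bytes in the sample are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed sample: host, paths and certificate bytes are placeholders.
SAMPLE_METADATA = """<md:EntityDescriptor entityID="https://tenant.example.invalid"
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>Y29uc3RydWN0ZWQtcGxhY2Vob2xkZXI=</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://tenant.example.invalid/saml/slo"/>
    <md:AssertionConsumerService index="0" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://tenant.example.invalid/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def endpoint(root, tag):
    """First Location of an endpoint element; anything but https is refused."""
    el = root.find(f".//{MD}{tag}")
    loc = el.get("Location", "") if el is not None else None
    if loc is not None and not loc.startswith("https://"):
        raise ValueError(f"{tag} is not an https URL: {loc!r}")
    return loc


def summarize_metadata(xml_text):
    """Pull the values the portal forms ask for out of SAML 2.0 metadata."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD declarations do not belong in SAML metadata")
    root = ET.fromstring(xml_text)
    if root.tag != f"{MD}EntityDescriptor":
        raise ValueError("not a SAML 2.0 EntityDescriptor")
    return {
        "entity_id": root.get("entityID"),
        # SP metadata calls it AssertionConsumerService, IdP metadata SingleSignOnService.
        "sign_in_url": endpoint(root, "AssertionConsumerService")
        or endpoint(root, "SingleSignOnService"),
        "sign_out_url": endpoint(root, "SingleLogoutService"),
        "cert_sha256": [  # SHA-256 over the decoded certificate bytes
            hashlib.sha256(base64.b64decode("".join((c.text or "").split()))).hexdigest()
            for c in root.iter(f"{DS}X509Certificate")
        ],
    }
```

Call summarize_metadata() on the text of the downloaded file; a fingerprint that differs from the one of the certificate downloaded under Settings → Certificate Management means the two portals are not configured with the same key.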

Google application updates in AuthX admin portal

  1. Login to AuthX Admin portal and navigate to Applications

  2. Edit Google application

  3. In the Access Management options, choose “SSO with 3rd party identity provider”

  4. Select the Gateway

  5. Save the application

  6. Logout from AuthX Admin portal

Launch Google application as IDP

  1. Pre-requisite – Make sure you are logged out from AuthX Admin, Google Login & Okta Admin account portal

  2. Now Login to AuthX User portal with user credentials mentioned in Configuration Steps on AuthX & Google ->Pre-Requisite → Step 2 a

  3. After successful login, it redirects to Okta login

  4. Now input the OKTA user credentials and sign in

  5. Redirects to AuthX user Confirm Identity page

  6. Use any of the Auth factors to successfully login

  7. User redirected to AuthX user portal-> Applications page

  8. Now go to Auth Applications tab and launch Google application

  9. A new tab opens up SAML login

  10. Login with the user portal credentials here (Mentioned in Launch the Google Application-> Step 2 a)

  11. Use any of the Auth factors to successfully login

  12. User redirected to Google Inbox

SAML as SP – Google (SSO with 3rd party Identity Provider OKTA)

  1. Go to Google Admin

  2. Login with the Google user (Mentioned in Configuration Steps on AuthX & Google → Pre-Requisite)

  3. Redirects to Okta login

  4. Now input the OKTA user credentials and sign in

  5. Use the AuthX User portal credentials mentioned in Configuration Steps on AuthX & Google ->Pre-Requisite → Step 2 a

  6. User redirected to Google inbox

SAML as IDP & SP – Google (SSO with MFA for 3rd party Identity Provider OKTA)

  1. Follow the steps mentioned in https://certifyglobal.atlassian.net/wiki/spaces/AUTHX/pages/2846752805/SAML+Configuration+for+Google#SAML-as-IDP—Google-(SSO-with-3rd-party-Identity-Provider-OKTA) and https://certifyglobal.atlassian.net/wiki/spaces/AUTHX/pages/2846752805/SAML+Configuration+for+Google#SAML-as-SP—Google-(SSO-with-3rd-party-Identity-Provider-OKTA)

  2. On Google login, after the user credentials are entered, it additionally asks for AuthX Confirm Identity

SAML as IDP & SP – Passwordless SSO with AuthX Identity

  1. Follow the steps mentioned in https://certifyglobal.atlassian.net/wiki/spaces/AUTHX/pages/2846752805/SAML+Configuration+for+Google#SAML-as-IDP—Google-(SSO-with-AuthX-Identity) and https://certifyglobal.atlassian.net/wiki/spaces/AUTHX/pages/2846752805/SAML+Configuration+for+Google#SAML-as-SP—Google-(SSO-with-AuthX-Identity)

  2. On Google login, after the email address is entered, it skips the password option and redirects to the Google Inbox view
