Google Enterprise SSO Setup

Resources


GETTING STARTED - Google SSO

In this tutorial, you'll learn how to integrate WestFax with Google Enterprise.
When you integrate WestFax with Google, you can:

  • Control who has access to WestFax Fax numbers.
  • Enable your users to be automatically signed-in to WestFax with their Google Enterprise accounts.
  • Manage your accounts in one central location.

Prerequisites

To get started, you need the following items:

  • Google Enterprise Account with at least one user.
  • WestFax Enterprise account with AD/SSO enabled.

Configuring WestFax for SSO

If you have enabled SSO/AD with WestFax you are just a few steps away from enabling single sign on with WestFax.

Here are the steps to get your SSO setup with WestFax:

In order to utilize SSO and Active Directory sync you must have SSO enabled on your account. Contact your account manager and ask them to activate this functionality. There may be some setup fees involved. Your account manager can walk you through the process.

After you are enabled you will want to login to the admin tool and go to the SSO tab and you should see a screen like this:

SAML Login

There are three values here you want to copy for use in the Google setup:

Consume Endpoint: https://home.westfax.com/login/Consume/YourProviderId
Redirect Endpoint: https://home.westfax.com/login/sso/YourProviderId
Metadata Endpoint: https://home.westfax.com/login/metadata/YourProviderId

You will need these values later. Copy them somewhere for use.

At this point you need to log in to Google Admin panel for your organization at Google Admin. With the values you copied above you will add a connection to WestFax's SSO provider.

Here are the steps:

  1. Login to Google Admin
    With your admin account log into the Google Enterprise Admin cloud website.
  2. Go to Apps -> Web and mobile apps.
  3. Click Add App -> Add custom SAML app.
    Google Settings Page 1
  4. Type "WESTFAX SSO" for the name of your app -> click Continue.

    Google Settings Page 2
  5. Copy the following Values from Google:

    Copy the SSO URL, Entity ID, Certificate and save them to your notepad. You will want to download the certificate to a .pem file in a secure location. Also, copy the value after idpid= as the ClientId. We'll use that in Step 3.

    Google Settings Page 3
  6. Copy values from WestFax into the Google Service Provider Details
    Copy the values from the first step into the settings page for the Google Service Provider Details.

    Google Settings Page 4

    For the fields enter the following:
    1. ACS URL: https://home.westfax.com/login/Consume/YourProviderId
    2. Entity ID: https://home.westfax.com/login/metadata/YourProviderId
    3. Start URL: https://home.westfax.com/login/sso/YourProviderId
    4. Name ID format: EMAIL
    5. Name ID: Basic Information > Primary Email

    Google Settings Page 5

  7. Click Continue -> Then Finish

    Just skip the Attributes page and click Finish. You will now need to go back to the WestFax Admin panel and update some settings.

Now you will want to copy the two values from the Previous step into the WestFax SSO panel. Then we'll also add your Google x.509 certificate as well. You will need to login to the WestFax Admin panel first and click on the SSO section.

Here is the screen you will add your settings.

Google Settings Page 6

Needed Settings:

A - Login Endpoint - This comes from the previous step in Google (SSO URL).
B - Client Id (App Id) - This comes from the previous step in Google (CliendId snippet).
C - Certificate x.509 - This is the certificate file you previous downloaded (*.pem file)

When you are done click Save Settings.

You are now setup for SSO!

You will want your team to login using the Redirect Login link which is usually

https://home.westfax.com/sso/login/YourProviderId

Note: Make sure your users are added to the application in the Google Admin App settings. Otherwise you will see a 403 error.

If you have any questions please reach out to us directly at 303-299-9329 or contact your account manager.

Get your SSO and Fax platform integrated today!

What is Single Sign On (SSO)?

Single sign on (SSO) is an identification method that allows users access to multiple applications / websites with one set of credentials. The integration of SSO within an enterprise makes password management easier and improves security as workers access applications that are on-premises as well as in the cloud.

WestFax SSO integration allows for seamless sign-on to the Fax Console and makes fax provisioning and permissions management simple.

What is Active Directory Sync?

Active Directory Synchronization is a light-weight application installed on the customers computer that enables simple synchronization of users and fax lines.

An admin creates Security groups for each fax line and then adds and removes users to that group. Each group is bound to a fax number in the WestFax portal. Users can belong to several Security groups which would grant them access to multiple fax numbers.

Need to remove access? Just remove the user from the Security group and they no longer have access to the fax number.