{"_id":"59e6190f2debd70010025b93","project":"55d535ca988e130d000b3f5c","version":{"_id":"55d535cb988e130d000b3f5f","__v":12,"project":"55d535ca988e130d000b3f5c","hasDoc":true,"hasReference":false,"createdAt":"2015-08-20T02:04:59.052Z","releaseDate":"2015-08-20T02:04:59.052Z","categories":["55d535cc988e130d000b3f60","55d6b238d2a8eb1900109eef","55d6b4f3250d7d0d004274cd","55d7967960fc730d00fc2852","55da9804e835f20d009fc5d0","55e75b1de06f4b190080dbfd","55e75b39e06f4b190080dbfe","55e75b7ae06f4b190080dbff","564f5a4e33082f0d001bb709","570fb64aa38d470e0060cbff","586d0dd89a854123001acd65","586d0e3b9a854123001acd66"],"is_deprecated":false,"is_hidden":false,"is_beta":false,"is_stable":true,"codename":"","version_clean":"1.0.0","version":"1.0"},"category":{"_id":"55e75b7ae06f4b190080dbff","__v":10,"project":"55d535ca988e130d000b3f5c","version":"55d535cb988e130d000b3f5f","pages":["5637e17197666c0d008656a5","569591a4fcb1032d0089e037","569622eafe18811700c9c19b","5696c9588560a60d00e2c1e0","569709ca0b09a41900b2442b","5697129ac8ded91700307b77","5697190a59a6692d003fad6a","5697192969393517000c8280","569f11908f6d4b0d00f13bb2","56a0030b5b981c2b00383df0"],"sync":{"url":"","isSync":false},"reference":false,"createdAt":"2015-09-02T20:26:34.258Z","from_sync":false,"order":4,"slug":"frame-platform","title":"Frame Platform"},"user":"56461e119f3f550d00fa3da2","__v":0,"parentDoc":null,"updates":[],"next":{"pages":[],"description":""},"createdAt":"2017-10-17T14:51:59.807Z","link_external":false,"link_url":"","githubsync":"","sync_unique":"","hidden":false,"api":{"results":{"codes":[]},"settings":"","auth":"required","params":[],"url":""},"isReference":false,"order":22,"body":"## Introduction\n\nIntegrating G Suite Authentication Single Sign-On (SSO) with your Frame accounts is easy and should only take 15 minutes.\n\nYou will need to have a Google G Suite Account before we start.\n\n## Create A New Saml App In G Suite\n\nLogin to your G Suite Admin Panel\n\n### Step 1: Select Apps\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/000c358-1.png\",\n        \"1.png\",\n        1632,\n        396,\n        \"#d0d3d2\"\n      ]\n    }\n  ]\n}\n[/block]\n### Step 2: Select SAML apps\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/0cb27f1-2.png\",\n        \"2.png\",\n        992,\n        684,\n        \"#e6e6e6\"\n      ]\n    }\n  ]\n}\n[/block]\n### Step 3: Create A New SAML App\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/e31351d-3.png\",\n        \"3.png\",\n        1756,\n        940,\n        \"#4473d5\"\n      ]\n    }\n  ]\n}\n[/block]\nSelect the plus symbol to create a new SAML App.\n\n### Step 4: Create a Custom App\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/f740a2d-4.png\",\n        \"4.png\",\n        1092,\n        714,\n        \"#d5d5d6\"\n      ]\n    }\n  ]\n}\n[/block]\nSelect \"SETUP MY OWN CUSTOM APP\"\n\n### Step 5: Download Metadata File\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/207d327-5.png\",\n        \"5.png\",\n        1021,\n        730,\n        \"#dbdbdb\"\n      ]\n    }\n  ]\n}\n[/block]\nScroll down and download the IDP Metadata file. You will be providing this to Frame Support later.\n\n### Step 6: Basic Details\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/8434e5c-6.png\",\n        \"6.png\",\n        1005,\n        717,\n        \"#dadada\"\n      ]\n    }\n  ]\n}\n[/block]\nAdd a name, description and logo.\nHere's a Frame Logo if you need one: \n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/67b78ab-7.png\",\n        \"7.png\",\n        215,\n        215,\n        \"#d01313\"\n      ]\n    }\n  ]\n}\n[/block]\n### Step 7: SAML Details\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/7304022-8.png\",\n        \"8.png\",\n        998,\n        741,\n        \"#cecece\"\n      ]\n    }\n  ]\n}\n[/block]\nAssuming your custom authentication will be named: mycompany-gsuite\nAnd the account you want to provide access to has the team url: mycompany\nACS URL\nhttps://img.mainframe2.com/saml2/done/mycompany-gsuite/\nStart URL enter https://img.mainframe2.com/login/?account_type=mycompany-gsuite&return_url=https://mycompany.fra.me/custom_auth_return\nOtherwise set the fields as shown in the screenshot. Note that Signed Response is NOT checked. We only want the assertion to be signed.\n\n### Step 8: Attribute Mapping\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/63c03f1-9.png\",\n        \"9.png\",\n        1035,\n        739,\n        \"#dbdbda\"\n      ]\n    }\n  ]\n}\n[/block]\nThese should be spelled and capitalized exactly as given here.\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/b37388c-10.png\",\n        \"10.png\",\n        1110,\n        501,\n        \"#ebdbcd\"\n      ]\n    }\n  ]\n}\n[/block]\nYou should now see this message.\n\n### Final Step: Email Frame Support\n\n```\nHi Frame Support,\n\nI have created a new Google G Suite application for my Frame account.\n\nMy Frame Account is Called: Account NAME\nMy Frame Email Address is: me:::at:::example.com\nMy Team URL is: mycompany\nMy Custom Authentication Name is: mycompany-gsuite\n\nI have included my SAML Metadata File as requested (see attached).\n\nRegards,\n\nMe\n```\n\nEmail Frame Support and cc bill@fra.me. You can use this template for the email.\n\nProvide the same Team URL and Custom Authentication Name you provided in Step 7.\n\nWe will need a copy of your metadata file because G Suite does not support auto-discovery of metadata.\n\nFrame Support will create a Custom Authentication name and email you to let you know when the SSO integration is ready to test.\n\nThe Login URL will be: \n```\nhttps://img.mainframe2.com/login/?account_type=[Custom Auth Name]&return_url=https://[Team URL].fra.me/custom_auth_return\n```\ne.g.\n```\nhttps://img.mainframe2.com/login/?account_type=mycompany-gsuite&return_url=https://mycompany.fra.me/custom_auth_return\n```\nWhen you test, be sure to use an \"Incognito\" or \"Private Browsing\" window, to be sure your are really testing SSO and not just re-using an existing token in a cookie.","excerpt":"","slug":"integrating-with-g-suite-authentication","type":"basic","title":"Integrating with G Suite Authentication"}

Integrating with G Suite Authentication


## Introduction Integrating G Suite Authentication Single Sign-On (SSO) with your Frame accounts is easy and should only take 15 minutes. You will need to have a Google G Suite Account before we start. ## Create A New Saml App In G Suite Login to your G Suite Admin Panel ### Step 1: Select Apps [block:image] { "images": [ { "image": [ "https://files.readme.io/000c358-1.png", "1.png", 1632, 396, "#d0d3d2" ] } ] } [/block] ### Step 2: Select SAML apps [block:image] { "images": [ { "image": [ "https://files.readme.io/0cb27f1-2.png", "2.png", 992, 684, "#e6e6e6" ] } ] } [/block] ### Step 3: Create A New SAML App [block:image] { "images": [ { "image": [ "https://files.readme.io/e31351d-3.png", "3.png", 1756, 940, "#4473d5" ] } ] } [/block] Select the plus symbol to create a new SAML App. ### Step 4: Create a Custom App [block:image] { "images": [ { "image": [ "https://files.readme.io/f740a2d-4.png", "4.png", 1092, 714, "#d5d5d6" ] } ] } [/block] Select "SETUP MY OWN CUSTOM APP" ### Step 5: Download Metadata File [block:image] { "images": [ { "image": [ "https://files.readme.io/207d327-5.png", "5.png", 1021, 730, "#dbdbdb" ] } ] } [/block] Scroll down and download the IDP Metadata file. You will be providing this to Frame Support later. ### Step 6: Basic Details [block:image] { "images": [ { "image": [ "https://files.readme.io/8434e5c-6.png", "6.png", 1005, 717, "#dadada" ] } ] } [/block] Add a name, description and logo. Here's a Frame Logo if you need one: [block:image] { "images": [ { "image": [ "https://files.readme.io/67b78ab-7.png", "7.png", 215, 215, "#d01313" ] } ] } [/block] ### Step 7: SAML Details [block:image] { "images": [ { "image": [ "https://files.readme.io/7304022-8.png", "8.png", 998, 741, "#cecece" ] } ] } [/block] Assuming your custom authentication will be named: mycompany-gsuite And the account you want to provide access to has the team url: mycompany ACS URL https://img.mainframe2.com/saml2/done/mycompany-gsuite/ Start URL enter https://img.mainframe2.com/login/?account_type=mycompany-gsuite&return_url=https://mycompany.fra.me/custom_auth_return Otherwise set the fields as shown in the screenshot. Note that Signed Response is NOT checked. We only want the assertion to be signed. ### Step 8: Attribute Mapping [block:image] { "images": [ { "image": [ "https://files.readme.io/63c03f1-9.png", "9.png", 1035, 739, "#dbdbda" ] } ] } [/block] These should be spelled and capitalized exactly as given here. [block:image] { "images": [ { "image": [ "https://files.readme.io/b37388c-10.png", "10.png", 1110, 501, "#ebdbcd" ] } ] } [/block] You should now see this message. ### Final Step: Email Frame Support ``` Hi Frame Support, I have created a new Google G Suite application for my Frame account. My Frame Account is Called: Account NAME My Frame Email Address is: me@example.com My Team URL is: mycompany My Custom Authentication Name is: mycompany-gsuite I have included my SAML Metadata File as requested (see attached). Regards, Me ``` Email Frame Support and cc bill@fra.me. You can use this template for the email. Provide the same Team URL and Custom Authentication Name you provided in Step 7. We will need a copy of your metadata file because G Suite does not support auto-discovery of metadata. Frame Support will create a Custom Authentication name and email you to let you know when the SSO integration is ready to test. The Login URL will be: ``` https://img.mainframe2.com/login/?account_type=[Custom Auth Name]&return_url=https://[Team URL].fra.me/custom_auth_return ``` e.g. ``` https://img.mainframe2.com/login/?account_type=mycompany-gsuite&return_url=https://mycompany.fra.me/custom_auth_return ``` When you test, be sure to use an "Incognito" or "Private Browsing" window, to be sure your are really testing SSO and not just re-using an existing token in a cookie.