WiKey as a SAML IdP in Google Workspace
This guide will show you how to configure WiKey and Google Workspace to add WiKey as a SAML IdP in Google Workspace.
Before you continue, ensure you have downloaded and configured the WiKey authenticator app.
For Android, download the app here: https://play.google.com/store/apps/details?id=com.wikey.wallet
For iOS, download the app here: https://apps.apple.com/us/app/wikey-security/id6443901002?platform=iphone
If you haven't already logged in to the WiKey admin, log in with the WiKey authenticator app.
In the dashboard: Add Certificate
In WiKey, add a certificate of type X.509 with the RSA crypto algorithm and download it. Remember the file's name, as you will need it later in the configuration.
If you previously created a certificate, go to Identity -> Certs on the WiKey dashboard and download the certificate to your computer. Remember the file's name, as you will need it later in the configuration.
On the application edit page, select the certificate you just created. In Redirect URLs, add the domain name of the Google application you will use, such as google.com.
In the SAML reply URL field, enter https://www.google.com/a/<your domain>/acs, which is the ACS URL. You can find relevant information about the ACS URL here: SSO assertion requirements.
Copy the sign-in page URL. This will be used in the next step.
Paste the copied link into items 3 and 4 of Google's add new SAML profile form: the sign-in page URL and the sign-out page URL.
In the Google Workspace Admin console, navigate to Security and then Overview.
Look for the SSO with third-party IdP section.
Click on "Add SSO profile" to access the editing page.
Check the "Set up SSO with third-party identity provider" checkbox.
Paste the copied sign-in page URL into the Sign-in page URL and Sign-out page URL fields.
Upload the certificate downloaded in the previous step.
Click "Save" to save the changes.
Items 1 and 2: http://auth.omnistar.io
Items 3 and 4 are identical and should be pasted from the sign-in page URL, which was copied in the WiKey admin page (see above).
Click on upload certificate and choose the certificate file that you previously downloaded to your computer.
In Google Workspace, create a user with the username "test" (you can customize the username, this is just an example).
In WiKey admin, add a user with the same username as set in Google Workspace. Make sure to select the appropriate organization and enter the user's email address.
As an example using "google.com," follow these steps:
Click on the login button on the Google.com page. Enter the user's email address to initiate the login process.
You will be redirected to the WiKey Login page. On the WiKey Login page, click on 'Sign in with WebAuth'.
You will be directed to the Sign in with passkey page. Continue the login by using your mobile device.
You will be presented with a QR code. Continue the login by using the camera on your mobile device.
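If the test login does not complete, a SAMLResponse captured from the browser's network tools can be compared with the values configured above. The following is an added example, not code from WiKey or Google: the function names, the example.com domain and the sample response are constructed, and it assumes the NameID carries the user's Google Workspace address. It does not verify the response signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def acs_url(domain):
    """ACS URL in the form the guide enters as the SAML reply URL."""
    return f"https://www.google.com/a/{domain}/acs"

def check_response(b64_response, domain, expected_user):
    """List mismatches between a captured SAMLResponse and the configured values.
    Troubleshooting aid only: it does NOT verify the XML signature."""
    root = ET.fromstring(base64.b64decode(b64_response))
    want, problems = acs_url(domain), []
    if root.get("Destination") != want:
        problems.append(f"Destination {root.get('Destination')!r} != {want!r}")
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    recipient = scd.get("Recipient") if scd is not None else None
    if recipient != want:
        problems.append(f"Recipient {recipient!r} != {want!r}")
    # Assumption: NameID carries the user's Google Workspace address.
    node = root.find(".//saml:Subject/saml:NameID", NS)
    name_id = (node.text or "").strip() if node is not None else ""
    if name_id.lower() != expected_user.lower():
        problems.append(f"NameID {name_id!r} != {expected_user!r}")
    return problems

def sample_response(destination, recipient, name_id):
    """Constructed, unsigned sample; not output captured from WiKey."""
    xml = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
           f'Destination="{destination}"><saml:Assertion><saml:Subject>'
           f'<saml:NameID>{name_id}</saml:NameID><saml:SubjectConfirmation>'
           f'<saml:SubjectConfirmationData Recipient="{recipient}"/>'
           f'</saml:SubjectConfirmation></saml:Subject></saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    ok = sample_response(acs_url("example.com"), acs_url("example.com"), "test@example.com")
    print(check_response(ok, "example.com", "test@example.com"))
    wrong = sample_response("https://www.google.com/a/other.example/acs",
                            acs_url("example.com"), "someone@example.com")
    for p in check_response(wrong, "example.com", "test@example.com"):
        print(p)
```

An empty list means the response targets the configured ACS URL and names the expected user; each returned string identifies one field to recheck in the WiKey application settings or the user records.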