Google SSO for Curricula

1.  Log into your GSuite admin account and click on ‘Apps’ from the Admin Console.
2.  Select ‘SAML Apps’ from the Apps screen.
3.  Select ‘Add a service/App to your domain’ on the SAML apps page.
4.  From the ‘Enable SSO for SAML Application’ box (pictured below), select ‘Setup My Own Custom App’ at the bottom.
5.  On the following screen, ‘Google IdP Information,’ you will need to copy the SSO URL and download the Certificate to enter into the Curricula app. 

1.  Log into your Curricula Admin account and navigate to the ‘Settings’ tab.
2.  Then from the Learners Settings scroll down to the Groups section and click 'Edit' on the title of the group whose Access Code you want to manage.

3.  Select the Group that will use Google SSO, and then navigate to the ‘Access’ tab. 

4.  Under the ‘Authentication Type’ section, select ‘SAML Single Sign-on' from the dropdown and click ‘Update.’
5.  Under the ‘SAML Configuration’ section, which will appear after completing the last step, enter the Google SSO URL from your application on the ‘Identity Provider Single Sign-on URL’ line. Then add your Google SSO certificate in the ‘New Identity Provider X.509 Certificate’ box below.

Important Note About the Identity Provider Single Sign-on URL

 

We need to modify the URL that we get from the SSO URL field (that we just pasted into box 1 above). You will probably see something like this:

https://accounts.google.com/o/saml2?idpid=C018bayj0

We need to modify this in the following ways:

https://accounts.google.com/o/saml2 part to read https://accounts.google.com/o/saml2/initsso

 

So, your URL will look like this: https://accounts.google.com/o/saml2/initsso?idpid=C018bayj0

 

But, there’s one more thing we need to add to this URL, if you take a look at the Address bar of your newly created SAML App, you will see a format similar to this:

 

We need to get that SAML id similar to the id above `68861099283`

 

And we need to add &spid={YOUR_SAML_ID} to the end of the URL, replacing your SPID in the existing link

 

So, the final Identity Provider Single Sign-on URL, will look similar to this:

 

https://accounts.google.com/o/saml2/initsso?idpid=C018bayj0&spid=68861099283

 

That is what you will need to enter into the Identity Provider Single Sign-on URL field of your Curricula Group settings

 

Make sure to click the Update button in Curricula to save your changes. 

 

5.  Click the Update button in Curricula to save your changes. 
6.  Return to the ‘Google IdP Information’ box from your Google Admin Console (Step 5 from the previous section) and click Next.
7.  On the ‘Basic Information for your Custom App’ box, create a name on the ‘Application Name’ line, something like ‘Curricula Saml Application’ will work. You can also add a description under ‘Description’ if you choose.
8.  Click Next to proceed.

9.  Return to the ‘SAML Configuration' section where you left off on mycurricula.com (Step 4 above) and copy the URL listed under ‘Service Provider Sign In URL.’
10.  Return to the Google Admin Console, to the ‘Service Provider Details’ box, and enter the URL you copied from the previous step into the Access URL and Entity ID fields. 
11.  Check the Signed Response and click Next to proceed.
12.  On the ‘Attribute Mapping’ box, click Finish.
13.  The new application will appear on your SAML Apps list of GSuite. Click the ellipsis to the right of the screen on the app line and set it to ‘On for Everyone.’