Open for Voting

Google Apps Authentication - WebHelpDesk

Would like WebHelpDesk to be able to use Google App logins for authentication.  Would be very handy for schools in particular so staff and students do not have to remember another login / password.  Especially for 1:1 districts like us who do not use Active Directory for the 1:1 device login.

crbiasd

  • This is great, I have had multiple requests for this in the past, lets hope SW make this standard within the Product, could open up more sales into schools.

  • in reply to amizos907

    Yes it is set to that and on for everyone. Works now! Thanks. Must have been a propagation thing on googles end. It always says "may take x amount of time" and its usually instant so I am trained to ignore that.

  • in reply to gchristian

    What are you using as the Sign-on page URL in WHD? Is the WHS SAML app "turned on for everyone" in G-suite?

  • Awesome explanation amizos907, i wasn't able to get it to work though emoticons_sad.png when I visit my help desk instance i get redirected to a google page that says Error: not_a_saml_app. Maybe having WHD sitting behind NGINX is my problem somehow.

  • This is a really old thread, but for those future Googlers who are looking for an answer, I have one.

    1. Create custom SAML app in G-Suite, download the certificate, name it, enter the details, then finish. And turn the app on for everyone.
      SAML #1.jpgSAML #2.jpgSAML #3.jpgSAML #4.jpgSAML #5.jpgSAML #6.jpg
    2. Click on the WHD SAML app in G-Suite to open settings. Collect the "Sign-in page URL" from the WHD SAML app in G-Suite by "launching the app". You will need to quickly screenshot to see the URL in the browser address bar before you are forwarded to a Google error page. The image below shows the URL format you are hoping to catch (i.e. https://accounts.google.com/o/saml2/initsso?idpid......).
      SAML #7.jpgSAML #8.jpg
      SAML #9.jpg
    3. In WHD, disable LDAP sync until you finish the procedure (if you are using it).
      LDAP #1.jpg
    4. Under Setup-->General-->Authentication, change to SAML 2.0. Enter URL collected from previous step, upload certificate you downloaded in step 1, enter the logout URL from the image below, and SAVE the changes.
      AUTH #1.jpg
    5. Now comes the hard part. G-Suite does not recognize the "username" or "SAM-Account-Names" format... only email address. If it isn't already so, need to change the usernames of all the Clients in your WHD from "usernames" to full email addresses. I only had 80 users to change so I didn't mess with a SQL script, but you could use one to make all the changes automagically if it is going to be a hassle the manual way.
      CLIENTS #1.jpg
    6. The last thing is to re-enable LDAP syncing (if you are using it) and to make some changes so that all your hard work from step 5 isn't overwritten. The biggest of those changes is making the Username attribute map to "mail".
      LDAP #2.jpgLDAP #3.jpg

    Good Luck!

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.