How do I set up SSO on the Heru Portal for use with Google Workspace?

This article assumes that you've followed the steps to enable SSO in your Heru portal account.

Once you've filled in the hostnames for your SSO and non-SSO URLs, it's time to configure Google Workspace to be an identity provider for the Heru Portal.

  1. Set the Heru Portal browser window (with the SSO settings) aside for a moment. You'll need it later!
  2. In a new window, log in to the Google Admin Portal as an administrator.
  3. In the Admin console, go to Menu, then Apps, then Web and mobile apps.
  4. Click Add App, then Add custom SAML app.
  5. For the App name, enter Heru Portal.
  6. You can skip the description and the app icon. Click CONTINUE.
  7. On the next screen, click DOWNLOAD METADATA.
  8. Open your downloads folder and locate the file that was just downloaded.
  9. Go back to your Heru Portal window, and drag the downloaded file to this box:
    Drag & drop XML file here, or click to select file
    (or, as it says, you may click the box and locate the file that way.)
  10. If all went well, the three fields below the box from step 9 should have auto-populated. Do not change these values!
  11. Most sites will want to check the box next to Automatically Provision Users. With this enabled, any user who successfully signs in through SSO is automatically created in the portal if they don't already exist. Note that users created in this manner must use SSO to log in, so removing them from your Google Workspace will revoke their ability to log in, even though the user may still exist in the Heru Portal.
  12. Click Submit.
  13. Go back to your Google window and click CONTINUE.
  14. In the Heru Portal window, click the copy icon next to Identifier (Entity ID).
  15. In the Google window, under Entity ID, paste the value from step 12.
  16. In the Heru Portal window, click the copy icon next to Reply (ACS) URL.
  17. In the Google window, under ACS URL, paste the value from step 14.
  18. In the Heru Portal window, click the copy icon next to Sign On URL.
  19. In the Google window, under Start URL, paste the value from step 16.
  20. Leave Signed response unchecked.
  21. Under Name ID format, select EMAIL.
  22. Click CONTINUE.
  23. On the next screen, add the following mappings, and then click
    | Google Directory attributes | App attributes |
    |-----------------------------|----------------|
    | First name                  | givenname      |
    | Last name                   | surname        |
    | Primary email               | emailaddress   |

You have now enabled SSO for your account! Communicate the new portal hostname to your users, as they will be unable to log in using portal.seeheru.com.

The first time you try to use the SSO hostname to log in, you may get a certificate error. Try again in a minute or two; the system is busily generating and fetching an SSL certificate.