# Google Workspace

## Steps to Configure Hideez Server as an Identity Provider (IdP)

### **1. Set Up Hideez Server as an IdP**

#### **1. Access SAML Configuration:**

* In the Hideez Server dashboard, navigate to **Parameters → Settings → SAML**.

<figure><img src="https://1669663611-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FRdTysrljwe610dPFG7tE%2Fuploads%2FHDDCuCr00Modl6J8xxaf%2Fimage.png?alt=media&#x26;token=cf35a172-eb4f-4fdd-979d-856872b287a8" alt="" width="563"><figcaption></figcaption></figure>

#### **2. Download or Create .pfx Certificate**

* The .pfx certificate contains both the public certificate and private key. You can:
  * **Download an existing certificate:** Select the certificate, enter the password, and download.

<figure><img src="https://1669663611-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FRdTysrljwe610dPFG7tE%2Fuploads%2FEhJwKm2qdeTpGhvPPPrf%2Fimage.png?alt=media&#x26;token=7c8cfd51-551e-496f-803c-d63725fd18d9" alt="" width="563"><figcaption></figcaption></figure>

  * **Create a new self-signed certificate:** Click **Create and Download**, enter the password, and download.

<figure><img src="https://1669663611-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FRdTysrljwe610dPFG7tE%2Fuploads%2FxniXyG7PJpY7cArJDD22%2FScreenshot_43.png?alt=media&#x26;token=6aff68e5-c71d-44c8-ab6e-ef12d94c1d78" alt="" width="563"><figcaption></figcaption></figure>

{% hint style="info" %}
A certificate with the `.pfx` extension is a file that contains both the public certificate and its private key, as well as the complete certificate chain up to the root Certificate Authority (CA). The file is usually password-protected and used for authentication, encryption, and establishing secure connections.
{% endhint %}

#### **3. Download or View IdP Components**

1. **Identity Provider Public Certificate (.cer):** Contains only the public key and is used for server authentication and data encryption.
2. **Identity Provider Metadata:** Provides essential IdP details required for interaction with SPs.

<figure><img src="https://1669663611-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FRdTysrljwe610dPFG7tE%2Fuploads%2FLzoRKM3B9affk6slaZIK%2FScreenshot_44.png?alt=media&#x26;token=0349687c-c11a-4bc6-af9e-b5624f130c7b" alt="" width="563"><figcaption></figcaption></figure>

{% hint style="info" %}
The **Identity Provider public certificate** is a file with the `.cer` (or `.crt`) extension that contains only the public key and certificate information but **does not include the private key**. Its primary purpose is to authenticate the server or user and to encrypt data.

`.cer` files are used to secure connections, such as HTTPS for websites, client and server authentication in networks, and in various corporate applications.

**Identity Provider (IdP) metadata** is a file or set of data that provides essential information about your IdP to enable proper interaction with Service Providers (SP) in a SAML (Security Assertion Markup Language) context.

Some **Service Providers** provide users with metadata files. In this case, all required fields will be filled in automatically after importing the metadata file.

Otherwise, you can configure settings **manually**. In this case, the settings depend on the specific **Service Provider**.
{% endhint %}

### **2. Add Service Provider (SP)**

#### **1. Configure Settings on the Service Provider Side (SP)**

* Here’s an example for **Google Workspace**:
  * Go to [**admin.google.com**](https://admin.google.com/).
  * Navigate to **Menu → Security → Authentication → SSO with third-party IdP**.
  * Under **Third-party SSO profiles**, click **Add SAML profile**.
  * Enter a profile name (e.g., "Hideez Server (IdP)").
  * Paste values from Hideez Server:

    * Issuer / IdP Entity ID (e.g., `https://<your hideez server name>`) (1)
    * Login URL (e.g., `https://<your hideez server name>/saml/login`) (2)
    * Logout URL (e.g., `https://<your hideez server name>/saml/logout`) (3)
    * Upload the Identity Provider public certificate (.cer) file (4).

    <div><figure><img src="https://1669663611-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FRdTysrljwe610dPFG7tE%2Fuploads%2FwNMZe5RVT2WTnGbK4BH5%2FScreenshot_1.png?alt=media&#x26;token=7e351c06-2ea4-4bbe-b06e-625e7497a43b" alt=""><figcaption></figcaption></figure> <figure><img src="https://1669663611-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FRdTysrljwe610dPFG7tE%2Fuploads%2FMznAcmrmKJwVIthSnXA6%2FScreenshot_48.png?alt=media&#x26;token=1bd70578-402b-4d30-b818-d81de05fd1c4" alt=""><figcaption></figcaption></figure> <figure><img src="https://1669663611-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FRdTysrljwe610dPFG7tE%2Fuploads%2FodX87Am6GqDiARJ55Hn5%2FScreenshot_51.png?alt=media&#x26;token=a723f0ca-28e5-4966-b828-80ed7359877f" alt=""><figcaption></figcaption></figure></div>
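Before saving the profile, the pasted values can be cross-checked against the downloaded IdP metadata and `.cer` file. The following is an added example, not Hideez or Google code: it assumes the metadata is standard SAML 2.0 XML, and the host `hideez.example.com`, the sample bytes and the field names `entity_id`, `login_url`, `logout_url` are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed sample: placeholder host and placeholder bytes, not a real certificate.
SAMPLE_DER = b"constructed-placeholder-not-a-real-certificate"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://hideez.example.com">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{base64.b64encode(SAMPLE_DER).decode()}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://hideez.example.com/saml/logout"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://hideez.example.com/saml/login"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def der_bytes(cer: bytes) -> bytes:
    """Return DER bytes from a .cer file that is either PEM or already DER."""
    if b"-----BEGIN CERTIFICATE-----" in cer:
        body = cer.split(b"-----BEGIN CERTIFICATE-----")[1].split(b"-----END")[0]
        return base64.b64decode(b"".join(body.split()))
    return cer


def check_profile(metadata_xml: str, entered: dict, cer: bytes) -> list:
    """Return the SSO profile fields that disagree with the IdP metadata."""
    root = ET.fromstring(metadata_xml)  # metadata downloaded from your own IdP
    # Every Location advertised for an endpoint type, across all bindings.
    locs = lambda tag: {e.get("Location") for e in root.iter(f"{MD}{tag}")}
    problems = []
    if entered.get("entity_id") != root.get("entityID"):
        problems.append("entity_id")
    if entered.get("login_url") not in locs("SingleSignOnService"):
        problems.append("login_url")
    if entered.get("logout_url") not in locs("SingleLogoutService"):
        problems.append("logout_url")
    # Compare the uploaded .cer with every certificate the metadata publishes.
    published = {hashlib.sha256(base64.b64decode("".join(c.text.split()))).hexdigest()
                 for c in root.iter(f"{DS}X509Certificate")}
    if hashlib.sha256(der_bytes(cer)).hexdigest() not in published:
        problems.append("certificate")
    return problems
```

An empty list means the Entity ID, both URLs and the certificate all match what the IdP publishes; any returned field name should be corrected in the SAML profile before it is saved.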

#### **2. Add Service Provider in Hideez Server (IdP)**

* In Hideez Server, click **Add Service Provider** and enter the SP values:

  * Name (e.g., `Google Workspace-SAML`)
  * Issuer / SP Entity ID (e.g., `https://accounts.google.com/samlrp/unique-id`) **(1)**
  * ACS URL (e.g., `https://accounts.google.com/samlrp/unique-id/acs`) **(2)**
  * Click **Add**

  <div><figure><img src="https://1669663611-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FRdTysrljwe610dPFG7tE%2Fuploads%2Frs3s9zB9vPm7RlBpyaHV%2Fimage.png?alt=media&#x26;token=a72fa7ef-12d0-4d06-9927-29645ca692d0" alt=""><figcaption></figcaption></figure> <figure><img src="https://1669663611-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FRdTysrljwe610dPFG7tE%2Fuploads%2FNsLVR10AwJgaj0BXIY20%2FScreenshot_044%20-%20Copy.png?alt=media&#x26;token=8962e0db-b94f-4e85-824a-1f7e753ec3f5" alt=""><figcaption></figcaption></figure> <figure><img src="https://1669663611-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FRdTysrljwe610dPFG7tE%2Fuploads%2FPsiYqVp3XOht2TopOg2A%2FScreenshot_1%20(1).png?alt=media&#x26;token=6918f1d5-d3a9-41af-8b9e-32db843e33ed" alt=""><figcaption></figcaption></figure></div>
