
# Google Workspace

## Steps to Configure Hideez Server as an Identity Provider (IdP)

### **1. Set Up Hideez Server as an IdP**

#### **1. Access SAML Configuration:**

* In the Hideez Server dashboard, navigate to **Parameters → Settings → SAML**.

<figure><img src="/files/DADLLEteDKkAY4yEcdQz" alt="" width="563"><figcaption></figcaption></figure>

#### **2. Download or Create .pfx Certificate**

* The .pfx certificate contains both the public certificate and private key. You can:
  * **Download an existing certificate:** Select the certificate, enter the password, and download.

<figure><img src="/files/6ox2eLUke7hJMXLjaQG2" alt="" width="563"><figcaption></figcaption></figure>

* **Create a new self-signed certificate:** Click **Create and Download**, enter the password, and download.

<figure><img src="/files/1DVxfITKswsq0IL9w10d" alt="" width="563"><figcaption></figcaption></figure>

{% hint style="info" %}
A certificate with the `.pfx` extension is a file that contains both the public certificate and its private key, as well as the complete certificate chain up to the root Certificate Authority (CA). The file is usually password-protected and used for authentication, encryption, and establishing secure connections.
{% endhint %}

#### **3. Download or View IdP Components**

1. **Identity Provider Public Certificate (.cer):** Contains only the public key and is used for server authentication and data encryption.
2. **Identity Provider Metadata:** Provides essential IdP details required for interaction with SPs.

<figure><img src="/files/hTFHQX0j55KLGuHDdkuC" alt="" width="563"><figcaption></figcaption></figure>

{% hint style="info" %}
The **Identity Provider public certificate** is a file with the `.cer` (or `.crt`) extension that contains only the public key and certificate information but **does not include the private key**. Its primary purpose is to authenticate the server or user and to encrypt data.

`.cer` files are used to secure connections, such as HTTPS for websites, client and server authentication in networks, and in various corporate applications.

**Identity Provider (IdP)** metadata is a file or set of data that provides essential information about your IdP to enable proper interaction with Service Providers (SP) in a SAML (Security Assertion Markup Language) context.

Some **Service Providers** provide users with metadata files. In this case, all required fields will be filled in automatically after importing the metadata file.

Otherwise, you can configure settings **manually**. In this case, the settings depend on the specific **Service Provider**.
{% endhint %}

### **2. Add Service Provider (SP)**

#### **1. Configure Settings on the Service Provider Side (SP)**

* Here’s an example for **Google Workspace**:
  * Go to [**admin.google.com**](https://admin.google.com/).
  * Navigate to **Menu → Security → Authentication → SSO with third-party IdP**.
  * Under **Third-party SSO profiles**, click **Add SAML profile**.
  * Enter a profile name (e.g., "Hideez Server (IdP)").
  * Paste values from Hideez Server:

    * Issuer / IdP Entity ID (e.g., `https://<your hideez server name>`) (1)
    * Login URL (e.g., `https://<your hideez server name>/saml/login`) (2)
    * Logout URL (e.g., `https://<your hideez server name>/saml/logout`) (3)
    * Upload the Identity Provider public certificate (.cer) file (4).

    <div><figure><img src="/files/HgROUG6i8LO1KRzpUGbr" alt=""><figcaption></figcaption></figure> <figure><img src="/files/mShlweLkv7KtmtMbOY3M" alt=""><figcaption></figcaption></figure> <figure><img src="/files/B5bCOoCG2ec1nR2pXJ1n" alt=""><figcaption></figcaption></figure></div>
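
A pre-flight check for the values pasted above, as an added example (not Hideez code): it reads the IdP metadata, extracts the Issuer, Login URL and Logout URL, and confirms that the `.cer` file being uploaded matches the certificate in the metadata. The host `hideez.example.com`, the sample metadata and all function names are constructed; it assumes the metadata carries the certificate in a standard `X509Certificate` element.

```python
import base64, hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Constructed sample: placeholder host and placeholder bytes, not a real certificate.
FAKE_DER = b"constructed placeholder, not a real certificate"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://hideez.example.com">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{base64.b64encode(FAKE_DER).decode()}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Location="https://hideez.example.com/saml/logout"/>
    <md:SingleSignOnService Location="https://hideez.example.com/saml/login"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def cer_sha256(data):
    """SHA-256 of a certificate's DER bytes; accepts a PEM (Base64) or DER .cer file."""
    if b"-----BEGIN CERTIFICATE-----" in data:
        body = data.split(b"-----BEGIN CERTIFICATE-----")[1].split(b"-----END")[0]
        data = base64.b64decode(b"".join(body.split()))
    return hashlib.sha256(data).hexdigest()

def idp_values(metadata_xml):
    """Extract the values that get pasted into the SP's SAML profile."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    cert = None if idp is None else idp.find(".//ds:X509Certificate", NS)  # first one found
    if cert is None or not cert.text:
        raise ValueError("not IdP metadata, or it carries no X509Certificate")
    def location(tag):
        node = idp.find(f"md:{tag}", NS)
        return None if node is None else node.get("Location")
    return {"entity_id": root.get("entityID"), "login_url": location("SingleSignOnService"),
            "logout_url": location("SingleLogoutService"),
            "cert_sha256": cer_sha256(base64.b64decode("".join(cert.text.split())))}

def problems(values, expected_host, cer_bytes):
    """Return mismatches between the metadata, the expected host and the .cer file."""
    found = []
    for key in ("entity_id", "login_url", "logout_url"):
        url = urlparse(values[key] or "")
        if url.scheme != "https" or url.hostname != expected_host:
            found.append(f"{key}: expected https://{expected_host}/..., got {values[key]!r}")
    if cer_sha256(cer_bytes) != values["cert_sha256"]:
        found.append("certificate: .cer file differs from the one in the metadata")
    return found
```

An empty list from `problems(idp_values(xml), host, open(path, "rb").read())` means the three URLs and the certificate agree with what the IdP publishes.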

#### **2. Add Service Provider in Hideez Server (IdP)**

* In Hideez Server, click **Add Service Provider** and enter the SP values:

  * Name (e.g., `Google Workspace-SAML`)
  * Issuer / SP Entity ID (e.g., `https://accounts.google.com/samlrp/unique-id`) **(1)**
  * ACS URL (e.g., `https://accounts.google.com/samlrp/unique-id/acs`) **(2)**
  * Click **Add**

  <div><figure><img src="/files/ojbckFGMJYndXR2XBcrb" alt=""><figcaption></figcaption></figure> <figure><img src="/files/giVdB8e4HFWFdjYewJHD" alt=""><figcaption></figcaption></figure> <figure><img src="/files/o6gYjl8JphWPPyINrSik" alt=""><figcaption></figcaption></figure></div>
