Integrate GSuite SSO with Jumpserver
Integrate GSuite with Ezeelogin SSH Gateway
Note: SAML is an authentication mechanism for web applications. It's based on web protocols and it cannot be used for user authentication over SSH.
1. Log in to the Google Workspace Admin console and add the application.
2. Add the application name and click on the continue button.
3. Copy the SSO URL, Entity ID and Certificate, paste them into the Ezeelogin GUI, and save the SAML settings.
Metadata URL -> SSO URL
Entity ID -> Entity ID
Single Sign On Service URL -> SSO URL
Signing Certificate -> Certificate
4. Copy the ACS URL and Entity ID from the Ezeelogin GUI and paste them into the service provider details in the Google console.
ACS URL -> Assertion Consumer Service URL
Entity ID -> Entity ID
5. Map the primary email to the username and click on the finish button.
6. Turn on access so that every user can use the application: click on OFF for everyone, change the access to ON for everyone, and click on the save button.
7. Add a new user to use the application.
8. Change Web panel Authentication to SAML from Ezeelogin GUI > Settings > General > Authentication

12. You can log in to the Ezeelogin shell via the WebSSH shell or using any SSH client such as PuTTY or a terminal.
WebSSH: Click on the 'Open Web SSH Console' icon to SSH via the browser.
The WebSSH terminal will open. Users can navigate the server group with the Up and Down arrow keys and press Enter to log in to the server.
Native SSH Client: After resetting the password and security code, you can SSH to the Ezsh shell (using a terminal or PuTTY) with the SAML username.
You need to add a different email address for each user. By default, Ezeelogin uses email addresses for creating users.
If you want to add an existing Ezeelogin user to SSO, add the user with the exact username and email address as follows. (By default, Ezeelogin verifies users by their email address.) Make sure to add the email address for the Ezeelogin Administrator user.
SAML authentication is not supported for the slave if its URL is IP-based. If you want to authenticate on the slave using SAML, you have to use the domain name.