Users with the Administrator role can set up a SAML integration with Google. This integration creates user accounts as users log in for the first time.
This is a three-step process:
- In Google, add a new SAML application.
- In Facilities Binders, configure SAML.
- In Facilities Binders, set default roles for users who log in via Google SAML.
| Important: Because of the technical knowledge required, your district's IT administrator will most likely need to perform this procedure. |
Step 1: In Google, add a new SAML application.
A few things to take note of while setting up the SAML application:
- Fields are case sensitive.
- You will need the Entity ID (which matches the ACS URL), Google Issuer URL, and certificate information to enter into Facilities Binders.
  Note: Enter https://XXXXX.mlbinders.com/MLSAMLConnect.aspx in the Entity ID and ACS URL fields. Replace “XXXXX” with your custom Facilities Binders subdomain.
- From the Name ID format field, select PERSISTENT.
- From the Name ID, select Basic Information > Primary email.
- In Attribute mapping, in the Google Directory attributes section, you need to match the text exactly as follows:
  - Basic Information > Primary email -> Email
  - Employee Details > Employee ID -> ExternalId
  - Basic Information > First name -> FirstName
  - Basic Information > Last name -> LastName
- In Attribute mapping, under Group membership, you must enter Group in the App attribute field and enter the names of the Google groups that can log in via SAML.
| Note: Google’s interface and field names may have changed since this was written. Use these steps as a general guide, and select the closest matching options in your Google portal. |
Step 2: In Facilities Binders, configure SAML
| Note: A user with the Google super administrator role is required to perform this task. |
- Select Settings > Single Sign On > SAML Configuration. The SAML Integration Admin page appears.
- Next to Google, click . A pop-up appears.
- Do the following:
  - Under Issuer, enter your Google issuer URL.
    Note: You can copy the issuer URL from Google Admin Console. In Service Provider Details, click Manage Certificates, copy the Entity ID field and paste it here.
  - To give users a sign in with Google option on the Facilities Binders login page, enter the Login Link.
    Note: To obtain this, click the Google apps icon. Right-click the SAML app for Binders, click Copy Link Address, and then paste the link.
  - Under Certificate, enter the certificate.
    Notes:
    - You download this from Google, then enter it here.
    - On the certificate, remove ---Begin Certificate--- and ---End Certificate---.
- Click Save.
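A pre-flight check for the certificate step above, as an added example that is not Facilities Binders or Google code: it removes the standard PEM `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----` lines, confirms that what remains decodes to certificate-shaped data, and prints a SHA-256 fingerprint to compare with any fingerprint your identity provider displays for the certificate. The function name and the sample bytes are constructed for illustration.

```python
import base64
import binascii
import hashlib

BEGIN = "-----BEGIN CERTIFICATE-----"  # standard PEM armor lines
END = "-----END CERTIFICATE-----"

# Constructed placeholder bytes shaped like DER (leading 0x30 SEQUENCE tag);
# not a real certificate and not from Google.
SAMPLE_DER = b"\x30\x82\x00\x40" + bytes(range(64))
SAMPLE_PEM = f"{BEGIN}\n{base64.encodebytes(SAMPLE_DER).decode()}{END}\n"


def prepare_certificate(pem_text):
    """Return (body_without_armor, sha256_fingerprint) for one PEM certificate."""
    lines = [ln.strip() for ln in pem_text.strip().splitlines() if ln.strip()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("expected one certificate between BEGIN/END lines")
    body_lines = lines[1:-1]
    if any(ln.startswith("-----") for ln in body_lines):
        raise ValueError("more than one PEM block; paste a single certificate")
    try:
        # validate=True rejects stray characters picked up while copying
        der = base64.b64decode("".join(body_lines), validate=True)
    except binascii.Error as exc:
        raise ValueError(f"certificate body is not valid base64: {exc}") from exc
    # A DER-encoded certificate is an ASN.1 SEQUENCE, so it starts with 0x30.
    if not der or der[0] != 0x30:
        raise ValueError("decoded data does not look like a DER certificate")
    digest = hashlib.sha256(der).hexdigest().upper()
    fingerprint = ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))
    return "\n".join(body_lines), fingerprint


if __name__ == "__main__":
    body, fingerprint = prepare_certificate(SAMPLE_PEM)
    print(body)  # the text to paste under Certificate
    print("SHA-256 fingerprint:", fingerprint)
```

To check a real download, read the file you saved from Google and pass its text to `prepare_certificate` instead of `SAMPLE_PEM`.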
Step 3: In Facilities Binders, set default roles for users who log in via Google SAML
| Note: You can create as many SAML groups as you want. When a user first logs in, they are assigned a role based on the group they belong to. You can also manage additional roles in Facilities Binders, but cannot remove these default roles. |
- Select Admin > Single Sign On > SAML Group Settings. The Manage SAML Groups page appears.
- Click +Add SAML Group. A pop-up appears.
- Do any of the following:
  - Enter a Group Name.
    Note: This will be the group name established in Google.
  - Select the desired Role.
  - Select the desired Organization.
- Click Save.
- Repeat steps 2-4 for each group you want to add.