Identity management at NewStore via Google Workspace
Pre-requisites​
To set up an identity management application to manage authentication for NewStore apps, ensure that you have access to:
- Omnichannel Manager
- Google Workspace admin console
To enable users from your corporate directory to be able to use the NewStore applications, you have to create users, assign them to a store, and assign relevant roles in NewStore.
Setting up Google Workspace with NewStore​
This process involves working with Google Workspace and Omnichannel Manager in tandem. Ensure you have access to both before you proceed.
Log into your Google Workspace and verify that every user has admin permissions.
Go to the
Adminapp.In the
Google Adminconsole, go toHome > Apps > Web and mobile apps.Click
Add Appand selectAdd custom SAML appfrom the drop-down menu.In the
App detailsscreen that appears, enter a name for this new app that is related to the NewStore environment name. For example,NewStore Platform Staging.(Optional) Choose an icon for the new app.
Click
Continue.In the
Option 1: Download IdP metadatascreen that appears, click theDOWNLOAD METADATAbutton and save the XML file locally on your computer.Click
Continue.Open
Omnichannel Managerin a new tab.Click
Settings>Users & Roles>Single Sign-On.Click
Configure Single Sign-On.Select Vendor
GOOGLE.Upload the XML file with IdP metadata from Step 7.
Click
Connect.Switch back to the
Google Workspacetab.In the
Service provider detailsscreen that appears, enter values for the following fields:
ACS URL: Paste theACS URLvalue from the Omnichannel Manager tab.Entity ID: Paste theEntity IDvalue from the Omnichannel Manager tab.Name ID format: SelectEMAIL.Name ID: SelectBasic Information > Primary email.
Click
Continue.In the
Attributesscreen that appears, select the Google directory attributes and specify their corresponding app attributes.Click the
ADD MAPPINGbutton and add following attributes:Google Directory attributes > Basic InformationApp attributesPrimary emailemailFirst namefirstNameLast namelastNameClick
Finishto save the mappings.
Google Workspace is now successfully set up to work with NewStore apps on your side.
You have to repeat these steps for each NewStore environment that you want to set up.
Enabling groups and users​
Go to the
User accesssection in theNewStore Platform Stagingapp.Enable the app for the group or number of users that must be allowed to log into the specific NewStore environment.
Use the following options:
Allow access to everyoneAllow access based on membership in a GroupAllow access based on membership in an Organizational Unit
After you have decided about the groups or number of users, select them and activate the service for them.
- Google refers to the
Appas aservicein this scenario. - Ensure that
User accessis not to set toOFF for everyone, which prevents users from logging into the NewStore applications.
Updating configured SSO with Google Workspace in Omnichannel Manager​
Log into your Google Workspace and verify that every user has admin permissions.
Go to the
Adminapp.In the
Google Adminconsole, go toHome > Apps > Web and mobile apps.Click on
Service provider detailsClick on
Manage certificatesClick
ADD CERTIFICATEYou should have 2 certificates. Download the
.pemfile of the newly created certificate.Open
Omnichannel Manager.Click
Settings>Users & Roles>Single Sign-On.Click on the displayed name
GOOGLE.Click
Replace fileand upload the.pemfile you downloaded from Google Workspace in step 7.ImportantEnsure that this certificate exists and is valid in Google Workspace. There is no way to revert after updating the certificate.
Click
Update.Click
Confirm.
You have successfully rotated your certificate.
Related topics