Using Google Single Sign-On (SSO) With Sugar
Did you know that there’s a way to access Sugar, your email, and your other favorite tools with one login? Well, it’s possible, thanks to Sugar allowing the use of Single Sign-On (SSO).
Log In. Just Once.
Over the last decade, agility became a must in keeping up with technology and the Internet has seen the boost of SAML Single Sign-On. (SSO) is a fast way of authenticating through an identity provider into websites and software with one account of your choice. This makes signing up for and into accounts easier and safer, as you only need to know one set of login credentials.
The Security Assertion Markup Language (SAML) is an open standard that determines how the providers can offer both authentication and authorization services, allowing a user to log in just once and gain access to different applications, without the need to re-enter login credentials for each application. How does this sound?
Benefits
Are you wondering why you would want to do this (apart from the obvious ease of remembering only one password)?
Well, the ability to log in with one set of credentials improves workflow and security in the blink of an eye. It eliminates credential reauthentication, minimizes phishing, and improves compliance through a centralized login database. The passwords are always handled securely and if at some point your account is compromised in any way, you only need to change and secure only one password.
We’d like to mention boosting productivity as well. We all know how frustrating it can get to handle complex passwords for each service you use. Forgetting and recovering a password is a pain! This leads to wasting time and being less productive.
A Better Way for Sugar Users!
Why are we telling you all of this? Because Sugar allows SSO authentication using Google and SAML, making this option readily available to you!
If you’d like to learn more about how this it can make your company safer and more productive, keep scrolling.
Make Sure You Meet the Requirements
It’s time that your employees stop using different passwords for every service login! To do that, make sure you check every point we’ve listed below:
- Your company must have an active Google G Suite account (Basic, Business, or Enterprise).
- Your Sugar users should have accounts in your organization’s G Suite account.
- You must have access to a G Suite administrator account and a Sugar administrator account to configure the SAML settings for your instance via Admin > Password Management.
- You must be familiar with G Suite and how to set up the SSO configurations that meet your organization’s needs.
Follow Our Easy Step-By-Step Guide
1. Add SugarCRM as a SAML Application by using the following steps:
- First, navigate to the Google Admin console in your web browser and log in with your G Suite administrator credentials.
- On the Admin console dashboard, select “Apps”, as shown below:
- On the Apps page, select “SAML apps”
- Next, click the plus (+) icon on the bottom right of the SAML apps page then locate and select “Sugar”.
- In the Option 2 section, click “Download”, then save the metadata file which will be needed later when you configure the SAML authentication in Sugar. Click “Next”.
- On the Basic Information step, enter an application name of your choice (e.g. SugarCRM). Optionally, you can enter a description (e.g. SugarCRM Application) and upload a logo. Click “Next”.
- On the Service Provider Details step, enter the following values into the corresponding fields:
- ACS URL: https://{your-sugar-url}/index.php?module=Users&action=Authenticate
- Entity ID: php-saml
- Start URL: https://{your-sugar-url}/
- Name ID Format: EMAIL
Note: Replace {your-sugar-url} with your Sugar instance’s domain.
- Click “Finish”.
2. Enable the SugarCRM App for Users
All you need to do to enable the SAML application for users is to navigate to Apps > SAML apps in G Suite and select the SugarCRM app.
Click the three-dot icon on the upper right and select one of the following options according to your organization’s requirements:
- On for Everyone: This enables the SAML application for all users
- On for Some Organizations: This enables the SAML application for certain groups and users assigned to those groups
Don’t forget to make sure that the email IDs for your Sugar users match those in your Google domain.
3. Configure Sugar for SAML Authentication
Finally, when configuring Sugar to work with Google, you must:
- Log into Sugar as an administrator and navigate to Admin > Password Management.
- Scroll down to the SAML Authentication section and place a checkmark in the box next to “Enable SAML Authentication”.
- Click the “Import IdP Metadata File” button at the top of the page, locate the metadata file you saved in Step 5 of the Adding SAML Application in the Google section, then click “Open”.
- The Login URL, Entity ID, and X509 Certificate fields will be auto-populated with information from Google. Optionally, complete any other desired fields on the setup page.
- Click “Save” to preserve the settings…and you’re done! Your users can now log into their SugarCRM accounts automatically using SSO.
As you can see, SSO offers a clear user experience, productivity, and cost-saving benefits that shouldn’t be overlooked. If you need assistance or have questions about configuring SSO with Google for Sugar, contact us today.