Enable SAML App for a group of users in G-Suite using Organization
1. Follow Google IdP for SAML Integration to create a SAMLVPN application.
2. Repeat the following steps to create users in the G-Suite Google Admin console, leaving them under the root organization.
2.1. Go to the G-Suite Google Admin console and select Users.
2.2. Click Add new user.
2.3. Enter user information. In this example, Aviatrix Support is the root organization.
2.4. Click DONE.
3. Define a sub-organization, saml access org, within your root organization.
3.1. In the G-Suite Google Admin console, select Organizational units.
3.2. Click + to add a new organization under your root organization.
3.3. Create a sub-organization, e.g., saml access org.
4. Turn on the SAMLVPN application for saml access org.
4.1. Go back to the G-Suite Google Admin console and select Apps.
4.2. Select SAML apps.
4.3. Select the SAMLVPN App created in step 1.
4.4. Click EDIT SERVICE to enable or disable the SAMLVPN app for the selected organization.
4.5. Turn off SAMLVPN for the root organization (Aviatrix Support).
4.6. Turn on SAMLVPN for saml access org.
5. Assign users to the SAMLVPN app by moving them into saml access org.
5.1. Go back to the G-Suite Google Admin console and select Users.
5.2. Select the user for the SAMLVPN app (e.g., Dan Smith) and click Change organizational unit.
5.3. Select saml access org.
5.4. Confirm the change.
5.5. Review the change.