Business grade sign-in flows are highly reliable, and in many cases, users will need to use other web applications. Managing several high security credentials at the same time can be too cumbersome for users.

With SSO, members of the organization can use their G Suite credentials to safely identify themselves on third-party applications.

To configure SSO, follow the appropriate steps, depending on whether you will be using Google identity provider or a third-party service:

• Setup SSO with Google identity provider. To use Google credentials for SSO, follow these steps:
  
  1. Copy the SSO URL or the Entity ID. This will be used by the applications to get the login information:

• 2. Click DOWNLOAD CERTIFICATE.
  3. Click DOWNLOAD IDP METADATA:

• 4. Register the information that was gathered in steps 1, 2, and 3 into the third-party service providers.
• To use a custom identity provider, enable Setup SSO with third party identity provider, and then follow these steps:
  
  1. Type the external Sign-in page URL.
  2. Type the external Sign-out page URL.
  3. Type the external Change password URL. Users who are not administrators of this domain will be taken to the following page:

• 4. Click CHOOSE FILE.
  5. Upload the Verification certificate.
  6. Use a domain-specific issuer.
  7. If you need to target only specific IPs, you can define a Network mask; if none are provided, SSO will be globally applied. Several network masks are possible by separating them with a semicolon.

These settings can be seen in the following screenshot:

With SSO, the organization can use a single identity provider across all applications, so they only need to log in once, and the session will be valid for all approved applications.

In the next section, you will learn about Google session control and how it can help you control how often users need to sign in.