Skip to main content

Enable SSO behavior in Google Apps with Firefox and Firefox SSO testing

Introduction

This document explains how to enable SSO behavior in Google Apps using a Firefox browser, and how to perform SSO testing using Firefox.

Configuration Steps

Note: The desktop SSO behavior can be achieved in Firefox with a one-time configuration change in the user computer's Firefox browser.

  1. Complete the SecureAuth Authentication into Google Apps Configuration Guide

  2. Start Firefox

  3. In the address bar, type about:config. When asked to proceed with caution, continue.

  4. Once loaded, perform a search for network.automatic

  5. You should see a search result of network.automatic-ntlm-auth.trusted-uris

  6. Double-click that text to modify it; type in the SecureAuth domain name (i.e. https://your_SecureAuth_FQDN.com)

  7. Click "OK" and close Firefox

Note

Optional: If you wish to specify multiple domains, use commas to separate them; e.g.: https://secureauth.domain1.com, https://secureauth.domain2.com

5668871.png

Firefox Testing Steps

Firefox Internal Testing

  1. Be sure the test user is already logged on the domain via Windows.

  2. Start a Firefox web browser session.

  3. Navigate to your Google Apps FQDN (e.g. www.your-google-apps-domain.com)

  4. The browser session should redirect to SecureAuth, and SecureAuth will retrieve the Windows domain credential and then SSO into Google Apps. Depending on whether translation is enabled, it will either be logged in using the same domain login, or will be using a different SSO ID retrieved from a specified AD attribute.

  5. The test user is expected to log into Google Apps without typing in any credential again besides the initial Windows log on. All the user should see is a short pause while SecureAuth is processing, and then the user should be logged into Google Apps.

Firefox External Testing

  1. Start a Firefox web browser session.

  2. Navigate to your Google Apps FQDN (e.g. www.your-google-apps-domain.com)

  3. The browser session should redirect to SecureAuth, and IIS will detect that this computer is outside of the trusted IP range. The user's browser session will then be redirected to the External Access realm (e.g.: SecureAuth2) which is configured to conduct 2-Factor Authentication.

  4. The test user then executes 2-Factor authentication via SecureAuth and is logged into Google Apps.

In this section: