OpenAM can serve as the identity provider when you use Google Apps for Business.

Install & Configure OpenAM

  1. See the latest draft of theĀ OpenAM Installation Guide for instructions.
  2. Configure a certificate for the Signing Key in the OpenAM key store.
    The key store is under the OpenAM configuration directory, for example $HOME/openam/openam/keystore.jks.
  3. Set up a identity repository for your users.
    Your users must have the same user IDs in OpenAM and in Google Apps.

Create a Hosted Identity Provider

  1. In the OpenAM console Common Tasks page, click Create Hosted Identity Provider.
  2. Accept the default values, and provide a name for your New Circle of Trust before clicking configure.
  3. On the "What would you like to do next?" page, click configure Google Apps.

Configure Google Apps for Single Sign-On

  1. Add the domain name you registered with Google Apps in the Configure the Remote SP list.
  2. Click Create.
  3. On the "Google Apps Single Sign-On Configuration" page, download a copy of the Verification Certificate.

Enable Access to the Google Apps API