
Using Google to Authenticate with SharePoint 2013

Collaborate with External Partners using Google Accounts

Brian Jones

05/06/2015

Having an on-premises SharePoint extranet is a great first step towards external collaboration, but giving out Windows credentials isn't a long-term solution for managing external accounts, and Active Directory federation isn't within the capabilities of many small businesses. One solution is to let partners log in with their own cloud credentials, in this instance managed by Google and enabled by Azure.

Step 1: Create Google Account

  • Go to the Google developers console
  • Sign in if you have an account, otherwise create an account and log in
  • Click on Create Project
  • Enter a name for your project e.g. SharePoint Authentication and click Create
The project will now be created. This takes a few seconds, after which you will be taken into the app.
  • Click on APIs & auth
  • Click on Consent Screen
  • Enter a name for your project and click Save
  • Click on Credentials
  • Click on Create new Client ID
  • Select Web application and click on Create Client ID
  • Copy the Client ID and Client secret from the screen that is displayed

Step 2: Create Windows Azure Access Control Namespace

  • Select App Services, Active Directory and finally Access Control
  • Enter a name for your access control namespace, select the region you are in and click Create
  • Click on Active Directory from the navigation menu on the left
  • Click on Access Control Namespaces
  • Select the namespace that you have just created and click on Manage

Step 3: Configure Access Control Service

  • Click on Identity providers
  • Click on Add
  • Select Google and click on Next
  • Enter the Client ID and Client secret that you copied from your Google app in step 1 and click Save
  • Click Relying party applications
  • Click on Add
  • Enter a name for the relying party application in the name field
  • In Realm enter the URL of your SharePoint web application
  • In return URL enter the URL of your SharePoint web application followed by /_trust
  • In the token format select SAML 1.1
  • Change the token lifetime (secs) to 700 and click Save
  • Click on Rule Groups
  • Click on Add
  • Enter a name for the rule group and click Save
  • Click on Generate
  • Select Google and click on Generate
  • Click Save

Step 4: Certificates and Keys

  • Click on Certificates and Keys
  • Click on Save
  • Select your relying party application from the drop down list (You created it in step 3)
  • On the page copy the MakeCert command
  • On your client machine you will need to generate a certificate to be used for the trust. Launch a command prompt as administrator, navigate to the directory where makecert is installed and run the copied command.
  • If you don't have makecert you can get it from here: makecert
  • The certificate will be deployed to your certificate store; you will need to export it as a .CER and as a .PFX.
  • Click on start > run, enter MMC and click OK
  • In the console click on File > Add/Remove Snap-in
  • Select certificates and click Add
  • Select My user account and click finish
  • Click Ok
  • Expand Certificates – Current User
  • Expand Personal
  • Select Certificates
  • In the certificates list you should see your new certificate
  • Right click on the certificate, select All tasks > Export
  • Click next
  • Select No, do not export the private key and click next
  • Click next leaving the defaults
  • Click browse, enter a suitable name for the certificate e.g. Auth and save the file somewhere suitable.
  • Click Save
  • Click Next
  • Click Finish
  • Click OK on the success message
  • Right click on the certificate, select All tasks > Export
  • Click next
  • Select Yes, export the private key and click next
  • Click next leaving the defaults
  • Select Password, enter a password (remember this, you will need it) and click next.
  • Click browse, enter a suitable name for the certificate e.g. Auth and save the file somewhere suitable.
  • Click Save
  • Click Next
  • Click Finish
  • Click OK on the success message
  • Return to your access control service browser window.
  • Click on Browse
  • Browse to the .pfx file you created in the previous step and click open
  • Enter the password and click Save
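
The two MMC exports in this step can also be scripted. The following is an added example, not part of the original post; the thumbprint placeholder and the C:\Certificates output folder are assumptions to replace with your own values, and it needs the Export-Certificate and Export-PfxCertificate cmdlets (Windows 8 / Server 2012 or later).

```powershell
# Added example: script the .cer and .pfx exports from Step 4.
# Assumption: $thumbprint identifies the certificate created by the makecert
# command. The value below is a placeholder, not a real thumbprint.
$thumbprint = "<THUMBPRINT-OF-YOUR-CERTIFICATE>"
$outDir     = "C:\Certificates"   # assumed output folder

# The certificate was created in the current user's Personal store.
$cert = Get-Item -Path "Cert:\CurrentUser\My\$thumbprint" -ErrorAction Stop

# The .pfx export needs the private key, so stop early if it is missing.
if (-not $cert.HasPrivateKey) {
    throw "Certificate $thumbprint has no private key; the .pfx export would fail."
}

# Sign-ins stop working when this certificate expires, so flag a short lifetime now.
if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
    Write-Warning "Certificate expires on $($cert.NotAfter)."
}

New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Public part only (.cer): this is the file copied to the SharePoint server.
Export-Certificate -Cert $cert -FilePath (Join-Path $outDir "auth.cer") | Out-Null

# Private key (.pfx): prompt for the password so that it never appears in the
# script or in the command history.
$pfxPassword = Read-Host -Prompt "PFX password" -AsSecureString
Export-PfxCertificate -Cert $cert -FilePath (Join-Path $outDir "auth.pfx") -Password $pfxPassword | Out-Null

# Record the thumbprint so it can be compared on the SharePoint server later.
$cert | Select-Object Subject, Thumbprint, NotBefore, NotAfter
```

The .pfx holds the signing key for the trust, so delete it from the client machine or move it to protected storage once it has been uploaded to the access control service.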

Step 5: SharePoint Configuration

  • Log on to your SharePoint server
  • Copy the .cer file you created in a previous step to the server
  • Open the SharePoint Management Shell as administrator
  • Run the following PowerShell commands

    $realm = "http://my.sharepoint.com"

  • Where the url is the url of your SharePoint web application

    $signinurl = "https://mysharepointlogin.accesscontrol.windows.net:443/v2/wsfederation?wa=wsignin1.0&wtrealm=https://my.sharepoint.com/"

  • Replacing the access control service URL and the web application URL in the string with your own

    $certlocation = "C:\Certificates\auth.cer"

  • Replacing the path with the location of your .cer file

    # Load the exported public certificate and trust it in the SharePoint farm
    $rootcertificate = Get-PfxCertificate $certlocation

    New-SPTrustedRootAuthority "MyGoogleSharePointLogin" -Certificate $rootcertificate

    $certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certlocation)

    # Pass the incoming email address claim through unchanged
    $ClaimTypingMapping = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" -IncomingClaimTypeDisplayName "Email" -SameAsIncoming

    # Register the access control service as a trusted identity provider, identifying users by email address
    New-SPTrustedIdentityTokenIssuer -Name "Google Authentication" -Description "Google Authentication" -Realm $realm -ImportTrustCertificate $certificate -ClaimsMappings $ClaimTypingMapping -SignInUrl $signinurl -IdentifierClaim "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

  • Once you have run the PowerShell commands you will need to add the identity provider to your web application.
  • Open SharePoint Central Administration
  • Click on Application Management
  • Click on Manage Web Applications
  • Select the Web Application that will be using Google for authentication
  • Click on authentication providers in the toolbar
  • Select the relevant zone; this will be default if you only have one zone.
  • Scroll down the window, select Trusted Identity provider and select Google Authentication
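
Before testing, the trust created in this step can be checked from the SharePoint Management Shell. The following is an added example, not part of the original post; it assumes the issuer name and certificate path used in the commands above, and the 30-day expiry threshold is an arbitrary choice.

```powershell
# Added example: sanity-check the trust created in Step 5.
# Run in the SharePoint Management Shell on the SharePoint server.
$issuerName   = "Google Authentication"       # name used in Step 5
$certlocation = "C:\Certificates\auth.cer"    # path used in Step 5
$emailClaim   = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

$issuer   = Get-SPTrustedIdentityTokenIssuer -Identity $issuerName -ErrorAction Stop
$expected = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certlocation)
$problems = @()

# SharePoint validates incoming tokens against this certificate, so it must be
# the one whose .pfx was uploaded to the access control service.
if ($issuer.SigningCertificate.Thumbprint -ne $expected.Thumbprint) {
    $problems += "Signing certificate does not match $certlocation"
}
# An expired signing certificate makes every sign-in fail.
if ($issuer.SigningCertificate.NotAfter -lt (Get-Date).AddDays(30)) {
    $problems += "Signing certificate expires on $($issuer.SigningCertificate.NotAfter)"
}
# Users are redirected to the sign-in URL to authenticate, so it must be HTTPS.
if ($issuer.ProviderUri.Scheme -ne "https") {
    $problems += "Sign-in URL is not HTTPS: $($issuer.ProviderUri)"
}
# Permissions are granted by email address, so that must be the identifier claim.
if ($issuer.IdentityClaimTypeInformation.InputClaimType -ne $emailClaim) {
    $problems += "Identifier claim is not the email address claim"
}
# The same certificate must also be a trusted root authority in the farm.
$root = Get-SPTrustedRootAuthority |
    Where-Object { $_.Certificate.Thumbprint -eq $expected.Thumbprint }
if (-not $root) {
    $problems += "Certificate is missing from the trusted root authorities"
}

# Compare this value by eye with the Realm entered for the relying party in Step 3.
"Realm registered with SharePoint: $($issuer.DefaultProviderRealm)"

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    "Trust configuration looks consistent."
}
```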

Step 6: Testing

  • Open a web browser and navigate to your root site collection on the web application. You should get a drop down list showing the logon options.
  • Select Google Authentication and you should get the Google authentication page.
  • Enter your Google credentials and click sign in.
  • You should be returned to your SharePoint page. You will probably be given an access denied message because the account has not been given any rights to your site. Just grant rights as you would normally.
  • When granting rights to Google users you will need to use the full email address. People picker will not resolve the name unless the user is already added but you will still be able to add new users.
