Google Apps with Shibboleth 2 & Edugate

A SAML IdP can enable SSO between your institution and Google Apps.
There are three main steps to achieving this
1. Provisioning accounts
2. Enabling Google Apps in your IdP and Google Apps
3. Adding High availability to your IdP

1. Provisioning accounts
Accounts must be provisioned within Google Apps before SSO will work. This can be achieved using flat file uploads, directory synchronisation tools or other custom tools that utilise the Google Apps API. The Google Apps Directory Sync tool synchronises account data from your institutional directory to Google Apps.
The tool is available here;
http://www.google.com/support/a/bin/answer.py?hl=en&answer=106368
Google have a 30 minute video explaining how this tools can be used at the above location

2. Enabling Google Apps in your IdP and Google Apps
USC have a good guide on how to enable Google Apps in your Shibboleth IdP, see https://shibboleth.usc.edu/docs/google-apps/

A similar guide is available for SimpleSAMLphp at http://rnd.feide.no/content/simplesamlphp-idp-google-apps-education.
Vendors of federated IdP's may also have HOWTO style documentation similar to the above

3.Adding high availability to your IdP
Your IdP will play an increasingly important role in your institution when using services such as Google Apps, and particularly Google Apps Email for student/staff email. We recommend your IdP is enhanced with high availability, the attached guide shows one simple way this can be achieved, however, we recommend that whatever high availability solution your institution normally uses for your other critical web-services should be adopted to your IdP rather than using the above solution.

4. Integration with Edugate

The Edugate Resource Registry can be used to configure most of the technical changes to your IdP will need to make to faciliate access to Google Apps, contact noc@heanet.ie for details