Hideez Identity Cloud
  • Getting Started Guide
    • Key features of Hideez Identity Cloud
    • Quick Start Guide
      • The Hideez Desktop Client
      • Hideez Authenticator App
    • Tennant manegement
      • User Management
        • Passkey
        • Hideez Authenticator App
        • FIDO Security Key
        • Platform Authentication via Windows Hello
        • Password+OTP
      • Workstation management
  • PC Authorization
    • Passwordless Authorization
      • Active Directory
        • Setting Up the Active Directory Certification Authority
        • Setting Up Workstation Passwordless Logon Settings on Hideez Identity Cloud
      • Microsoft Entra ID
    • Password-based Authorization
  • INTEGRATIONS
    • SAML 2.0
      • GitHub Enterprise
      • Google Workspace
      • Okta
    • OIDC (OpenID Connect)
      • Services that support OIDC and their configuration as Client
    • WS-Federation
      • Login to Exchange Outlook Web Application and Exchange Admin Center via Hideez Identity Cloud
    • Active Directory On-Premises
      • Connect Active Directory to Hideez Identity Cloud
      • ADFS integration
        • Login to Microsoft Exchange OWA Using AD FS and Hideez Identity Cloud as a Third-Party IdP
    • Microsoft Entra ID
      • Synchronization and import employees from Microsoft Entra ID to Hideez Identity Cloud
      • Configuration of Hideez Cloud as an External Authentication Method for Microsoft Entra ID via OIDC
    • Chrome OS
  • USE CASES
    • Passkey Login
    • Hideez Authenticator App login
    • FIDO Security Key login
    • Platform login via Windows Hello
    • Password+TOTP login
  • SUPPORT
    • Get Support
    • FAQ
      • What to do if a user loses their key/device and cannot access the site?
      • Can a custom domain name be created for the tenant instead of the default one?
      • Why am I already logged in Hideez, and no authorization occurs when I access my web application?
      • How long does an open authorization session last?
      • How to log out of the web application?
      • Can I administer multiple tenants simultaneously?
      • Can there be multiple administrators for the Hideez Identity Cloud?
    • Glossary
  • Hideez Documentation Portal
Powered by GitBook
On this page
  • Chrome OS Login via Hideez Identity Cloud using SAML SSO
  • Prerequisites
  • Step 1: Configure Hideez Identity Cloud (IdP)
  • Step 2: Configure Google Admin for Chrome OS
  • Demo: Chrome OS Login via Hideez Identity Cloud
  1. INTEGRATIONS

Chrome OS

Chrome OS Login via Hideez Identity Cloud using SAML SSO

This integration enables secure and seamless single sign-on (SSO) for Chrome OS devices using Hideez Identity Cloud as a SAML Identity Provider.

By implementing this configuration, organizations benefit from:

  • Centralized identity management — User authentication is handled by Hideez Identity Cloud across all Chrome OS devices.

  • Consistent login experience — Users log in to their Chromebooks using the same credentials managed by Hideez.

  • Passwordless readiness — While Chrome OS requires a password for login, Hideez Identity Cloud supports broader passwordless strategies across the organization.

  • Use flexible authentication methods, including:

    • Hideez Authenticator

    • Passkeys

    • Password + One-Time Password (OTP)

Prerequisites

Before starting the integration, ensure the following conditions are met:

  1. The user belongs to your organization's domain in Google Workspace. The Google Workspace admin console must manage the user’s account.

  2. SAML SSO must be enabled in Google Workspace. The admin must configure Google Workspace to use a third-party Identity Provider (IdP).

  3. The user exists in Hideez Identity Cloud. The same email address must be present in the Hideez Identity Cloud.

Step 1: Configure Hideez Identity Cloud (IdP)

  1. Log in to the Hideez Server as an administrator.

  2. Go to Settings → Parameters → SAML.

  3. Click Add Service Provider and enter the following:

    • Issuer / SP Entity ID: use the ACS URL from Google Workspace

    • ACS (Assertion Consumer Service) URL: from Google Admin (see Step 2)

    • NameID Format: Email

    • NameID Value: Email

    • Upload the SP certificate if available

  4. Save the changes.

Step 2: Configure Google Admin for Chrome OS

  1. Go to admin.google.com → Menu → Security → Authentication → SSO with third-party IdP.

  2. Click Add SAML profile.

  3. Fill in the following:

    • Profile Name: Hideez Server (IdP)

    • IdP Entity ID: https://<your-hideez-server>

    • Login URL: https://<your-hideez-server>/saml/login

    • Logout URL: https://<your-hideez-server>/saml/logout

    • Upload IdP Certificate: download it from the Hideez Server and upload here

  4. Save the profile.

  5. Assign the profile to a specific organizational unit (OU) or group of users to enable SSO for them.

Demo: Chrome OS Login via Hideez Identity Cloud

Last updated 11 days ago

For more detailed instructions on configuring SAML SSO in Google Workspace, refer to the official documentation: • •

Set up SSO via SAML for your organization – Google Workspace Admin Help
Hideez Identity Cloud SAML Configuration Guide