Anthropic-Cybersecurity-Skills/skills/implementing-google-workspace-sso-configuration/references/api-reference.md

API Reference: Implementing Google Workspace SSO Configuration

SAML 2.0 Endpoints

Endpoint	URL
SP ACS URL	https://accounts.google.com/samlrp/acs?rpid=RPID
SP Entity ID	google.com/a/DOMAIN
SP Metadata	https://accounts.google.com/samlrp/metadata?rpid=RPID

Admin Console Path

Admin Console > Security > Authentication > SSO with third-party IdP

SAML Configuration Fields

Field	Description
Sign-in page URL	IdP SSO endpoint (HTTPS required)
Sign-out page URL	IdP SLO endpoint
Change password URL	IdP password change page
Verification certificate	IdP X.509 signing cert (PEM, RSA 2048+)
Domain-specific issuer	Use domain in SAML issuer

Certificate Validation (Python cryptography)

from cryptography import x509
cert = x509.load_pem_x509_certificate(pem_data)
print(cert.not_valid_after_utc)
print(cert.subject.rfc4514_string())
print(cert.public_key().key_size)

Admin SDK Reports API (Login Activity)

from googleapiclient.discovery import build
service = build("admin", "reports_v1", credentials=creds)
activities = service.activities().list(
    userKey="all", applicationName="login",
    eventName="login_success").execute()

Common IdP Providers

IdP	SAML SSO URL Pattern
Okta	https://DOMAIN.okta.com/app/APP_ID/sso/saml
Azure AD	https://login.microsoftonline.com/TENANT/saml2
ADFS	https://ADFS_HOST/adfs/ls/
Ping Identity	https://sso.connect.pingidentity.com/sso/sp/initsso

References

• Google Workspace SSO: https://support.google.com/a/answer/60224
• SAML 2.0 Admin Guide: https://support.google.com/a/answer/6349809
• Admin SDK: https://developers.google.com/admin-sdk/reports/v1/guides/manage-audit-login