4.0 Providing Access to the SaaS Applications for Users

After the Access Gateway for Cloud and the SaaS applications are configured, you must provide a way for users to access the SaaS applications.

Access Gateway for Cloud includes a sample landing page that contains the links for accessing the SaaS applications. You can use this page or create your own page. Access the sample landing page through the following URL:

https://dns_or_ip_of_appliance/osp/a/t1/auth/app

After you enter valid credentials, the sample landing page is displayed. The page displays the links for the SaaS applications only after the SaaS connectors are configured properly. If you access the sample landing page before configuring the connectors, the links are not displayed.

On the sample landing page, the links for SaaS applications are:

If you create your own page, copy the links for the SaaS applications from the sample landing page to your landing page.

If you are creating your own landing page, you can use either of the following two methods to connect to the SaaS applications.

Method 1: Service Provider (SP) Initiated Logins

  1. The user clicks the link https://mail.google.com/a/your_google_domain for a service provider initiated login.

  2. The browser sends a request to Google Apps for Business.

  3. Google Apps for Business redirects the browser session to the appliance for authentication.

  4. The user enters login credentials.

  5. After a successful authentication against the identity source (Active Directory), the appliance redirects the browser session back to Google Apps for Business with a SAML assertion for authentication.

  6. Google Apps for Business receives the assertion, then allows or denies user access based on the content of the assertion.

Method 2: Identity Provider (IDP) Initiated Logins

  1. The user clicks the link https://dns_of_ag4c_appliance/osp/a/t1/auth/app/its/google?target=https://mail.google.com/a/your_google_domain for an identity provider initiated login.

  2. The browser sends a request to the appliance login URL.

  3. The browser displays the Access Gateway for Cloud login form.

  4. The user enters the identity source (Active Directory) login credentials, then successfully authenticates to the appliance.

  5. The appliance redirects the browser session back to Google Apps for Business with a SAML assertion for authentication.

  6. Google Apps for Business accepts the assertion, then allows or denies access based on the content of the assertion.

Examples

The following are examples of the different logins:

IDP Initiated Login for Google Apps for Business: https://<dns_of_ag4c_appliance>/osp/a/t1/auth/app/its/google?target=https://mail.google.com/a/<google domain>

IDP Initiated Login for Salesforce: https://<dns_of_ag4c_appliance>/osp/a/t1/auth/app/its/salesforce

SP Initiated Login for Google Apps for Business: There are two options:

SP Initiated Login for Salesforce: The setup page for this feature at Salesforce is under Setup > Company Profile > My Domain. After Salesforce registers the domain, a URL similar to the following allows an SP initiated login:

https://<custom name>.my.salesforce.com
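
For a custom landing page, the links above can be generated from validated inputs rather than pasted by hand. The following is an added example, not code shipped with Access Gateway for Cloud. The function names are hypothetical, and the host names and domains are constructed sample values.

```javascript
// Added example: link builder for a custom landing page.
// Function names are hypothetical; hosts and domains are sample values.
const LABEL = "[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?";
const HOST_RE = new RegExp(`^${LABEL}(?:\\.${LABEL})*$`, "i");
const LABEL_RE = new RegExp(`^${LABEL}$`, "i");

// Connector path segments that appear in the documented IDP initiated URLs.
const CONNECTORS = new Set(["google", "salesforce"]);

// Accept only plain DNS names / IPv4 literals so that nothing in the value
// can add a path, query, port or userinfo part to the finished link.
function checked(value, re, what) {
  if (typeof value !== "string" || value.length > 253 || !re.test(value)) {
    throw new Error(`invalid ${what}: ${JSON.stringify(value)}`);
  }
  return value.toLowerCase();
}

// SP initiated: the link points at the SaaS application, which redirects
// the browser to the appliance for authentication.
function spInitiatedLink(app, name) {
  if (app === "google") {
    return `https://mail.google.com/a/${checked(name, HOST_RE, "Google domain")}`;
  }
  if (app === "salesforce") {
    return `https://${checked(name, LABEL_RE, "My Domain name")}.my.salesforce.com`;
  }
  throw new Error(`unknown application: ${app}`);
}

// IDP initiated: the link points at the appliance. For Google the documented
// form carries the SP URL in ?target=; the Salesforce form has no target.
function idpInitiatedLink(appliance, app, googleDomain) {
  if (!CONNECTORS.has(app)) throw new Error(`unknown application: ${app}`);
  const host = checked(appliance, HOST_RE, "appliance host");
  let href = `https://${host}/osp/a/t1/auth/app/its/${app}`;
  if (app === "google") href += `?target=${spInitiatedLink("google", googleDomain)}`;
  // Round-trip through the URL parser: it must see the host that was validated.
  const parsed = new URL(href);
  if (parsed.protocol !== "https:" || parsed.hostname !== host) {
    throw new Error(`link does not resolve to the appliance: ${href}`);
  }
  return href;
}
```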