How to enable SSO (Single Sign On) for your Google Apps site
Enabling SSO for your Google site will allow Stanford users to log into the site with their SUNet IDs via WebAuth instead of a separate google.com ID and password.
Important: before you make any of the changes described below, you need to let us know the Stanford domain name used in your Google Apps site. Please submit a HelpSU request for the shibboleth administrators and wait for confirmation that the necessary configuration changes were installed before proceeding.
Here are the instructions provided by Google:
For the sign-in page, use https://login.stanford.edu/idp/profile/SAML2/Redirect/SSO. You can use https://login.stanford.edu/idp/profile/Logout for the logout URL and https://stanfordyou.stanford.edu/ for the password reset URL. For the verification certificate, save and then upload the SSL certificate for idp.stanford.edu: idp.crt. Lastly, be sure to disable the option called "Use a domain specific issuer."
After saving the changes, you should be able to log in via WebAuth by visiting
https://sites.google.com/a/<hostname>.stanford.edu and clicking on the link in the top left of the page.