79238773

Date: 2024-11-30 03:43:37
Score: 0.5

No, Google acts as a proxy for the SAML IdP. What Google Identity Platform does:

  1. User Request: The user initiates a request to access an application that is configured to use Google's Identity Platform for authentication.

  2. Google Identity Platform as a Proxy: The Google Identity Platform acts as an intermediary (or proxy) for the authentication process. It is configured to use SAML (Security Assertion Markup Language) as the authentication protocol.

  3. Redirect to the SAML Identity Provider (IdP): Based on the SAML configuration, the Google Identity Platform redirects the user to the login page of the specified SAML Identity Provider (IdP) — for example, Microsoft’s identity service.

  4. User Logs In: The user provides their credentials on the SAML IdP’s login page (e.g., Microsoft login), and the IdP authenticates the user.

  5. Return to Identity Platform: After successful authentication, the SAML IdP generates a SAML assertion and redirects the user back to the Identity Platform's specified redirect URL. This is typically a backend service managed by Google.

  6. Token Creation (JWT): The Google backend service receives the SAML assertion artifact, processes it, and creates a JSON Web Token (JWT) that contains the user's authentication details and claims.

  7. Redirect with JWT: The backend service then redirects the user to the original application with the JWT attached. The JWT is used by the application to validate the user's identity and grant access.

In essence, Google’s Identity Platform acts as a middleman that facilitates SAML-based authentication. It redirects the user to the IdP for login, processes the authentication response, and returns a JWT to the application, allowing it to verify the user's identity and provide access to the requested resources.

Reasons:
  • Long answer (-1):
  • No code block (0.5):
  • Low reputation (1):
Posted by: rasvi
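
The check an application performs on the JWT it receives in step 7 of the answer above, as an added example that is not part of the original answer or Google's code. It assumes Identity Platform's ID token layout (RS256 signature, `iss` of `https://securetoken.google.com/<project-id>`, `aud` equal to the project ID, and a `firebase.sign_in_provider` claim of the form `saml.<provider-id>`). The project ID, provider ID, key ID and key pair are constructed for the demonstration.

```javascript
// Added example: validate the ID token (JWT) the application receives in step 7.
const crypto = require("node:crypto");

const b64u = (buf) => Buffer.from(buf).toString("base64url");
const parse = (seg) => JSON.parse(Buffer.from(seg, "base64url").toString("utf8"));

// keys: map of key id (kid) -> PEM public key, fetched out of band from the issuer.
function verifyIdToken(token, keys, projectId, samlProvider, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;
  const header = parse(h);
  // Pin the algorithm: never let the token choose "none" or an HMAC variant.
  if (header.alg !== "RS256") throw new Error("unexpected alg");
  const pem = Object.hasOwn(keys, header.kid) ? keys[header.kid] : null;
  if (!pem) throw new Error("unknown kid");
  const ok = crypto.verify("RSA-SHA256", Buffer.from(`${h}.${p}`), pem, Buffer.from(s, "base64url"));
  if (!ok) throw new Error("bad signature");
  const c = parse(p);
  if (c.iss !== `https://securetoken.google.com/${projectId}`) throw new Error("wrong issuer");
  if (c.aud !== projectId) throw new Error("wrong audience");
  if (typeof c.exp !== "number" || c.exp <= now) throw new Error("expired");
  if (typeof c.sub !== "string" || c.sub === "") throw new Error("missing subject");
  // Require that the sign-in went through the SAML IdP, not another enabled provider.
  if (c.firebase?.sign_in_provider !== samlProvider) throw new Error("wrong sign-in provider");
  return c;
}

// Constructed fixture: a throwaway key pair stands in for the issuer's signing key.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const KEYS = { "kid-1": publicKey.export({ type: "spki", format: "pem" }) };

function mint(claims, header = { alg: "RS256", kid: "kid-1" }, key = privateKey) {
  const data = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(claims))}`;
  return `${data}.${b64u(crypto.sign("RSA-SHA256", Buffer.from(data), key))}`;
}

const NOW = 1_700_000_000; // fixed clock so the sample claims are deterministic
const GOOD = {
  iss: "https://securetoken.google.com/demo-project", aud: "demo-project",
  sub: "uid-123", iat: NOW - 60, exp: NOW + 3600,
  firebase: { sign_in_provider: "saml.example-idp" },
};

// Returns "accepted" or the reason the token was rejected.
function check(token) {
  try { verifyIdToken(token, KEYS, "demo-project", "saml.example-idp", NOW); return "accepted"; }
  catch (e) { return e.message; }
}
```

In production the key map comes from the issuer's published signing certificates and must be refreshed when they rotate.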