To log users into Google Apps for Domains without having to provision them with passwords etc, you can use the SAML enabled Google Apps connector from OneLogin.

NOTE: Google Apps usernames are the email alias of users. Do not provide SAML access to your Google Apps account for other users than those on your domain. If you invite a user from another domain into your OneLogin account, you might accidently give that user access to Google Apps. 

Follow these step to configure Google Apps and OneLogin for SAML:

1. Click here to download your certificate file
2. Log in to the Google Apps Dashboard
3. Click Advanced tools then Set up single sign-on (SSO)
4. In the field Sign-in page URL, insert the value from the App page in OneLogin
5. in the field Sign-out page URL, insert https://app.onelogin.com/client/apps
6. In the field Change password URL, insert https://app.onelogin.com/password
   
   
7. Click Save changes
8. In OneLogin, go to the dashboard and click Find apps
9. Select the Google Apps connector
10. Under Authentication method, click SAML
11. In the Domain field, type the name of your Google Apps domain (e.g. 'mycompany.com')
12. Click Update

POP3/IMAP Passwords

Once you enable SAML in Google Apps, users can no longer change the password their POP3/IMAP mail client uses to retrieve mail. Make sure you enter your administrator email and password when setting up the app, as this is required for users to set their mail client password via the dashboard. This is done by editing the Google Apps login and then selecting Change Password.

Linking directly to Mail, Docs, Calendar and Sites

You can use regular bookmarks to jump directly to Mail, Docs, Calendar and Sites. See this tip for how.