Overview
This guide will walk you through the process of configuring Single Sign-On (SSO) integration between your application and Google Workspace. This setup enables your users to sign in using their Google Workspace credentials.
Prerequisites:
- Google Workspace Admin account
- Access to Google Cloud Console
- Your application's domain information
Step 1: Enable Google Workspace SSO
1
Access Google Admin Console
Sign in to your Google Workspace Admin console at admin.google.com
2
Navigate to Security Settings
Go to Security → Access and data control → Apps → Web and mobile apps
3
Add Custom SAML App
Click "Add App" → "Add custom SAML app"
Step 2: Configure SAML App Settings
4
Basic Information
Enter the following information:
- App name: Your Application Name
- Description: SSO integration for your application
5
Service Provider Details
Configure the following URLs in your Google Workspace SAML app:
Entity ID
https://yourdomain.com/saml/metadata
ACS URL (Assertion Consumer Service)
https://yourdomain.com/saml/acs
Start URL (Optional)
https://yourdomain.com/login
Step 3: Attribute Mapping
6
Configure Attribute Mapping
Map the following Google Workspace attributes to your application:
Primary email → user.email
First name → user.firstName
Last name → user.lastName
User ID → user.id
Step 4: Download Configuration
7
Download SAML Certificate
Download the X.509 certificate from Google Workspace. This will be used to verify SAML responses.
8
Note the Entity ID
Copy the Entity ID provided by Google Workspace. This will be used in your application configuration.
Step 5: Configure Your Application
9
Enter Configuration Details
In your application's SSO configuration, enter the following details:
Identity Provider Settings
Entity ID: https://accounts.google.com/o/saml2?idpid=YOUR_IDP_ID
Single Sign-On URL: https://accounts.google.com/o/saml2/sso
Single Logout URL: https://accounts.google.com/o/saml2/slo
X.509 Certificate: [Paste the downloaded certificate]
Step 6: Test Configuration
10
Test SSO Integration
Test the SSO configuration by attempting to sign in with a Google Workspace account.
Important: Make sure to test the configuration with a non-admin account first to ensure proper user provisioning.
Troubleshooting
Common Issues
- Certificate errors: Ensure the X.509 certificate is properly formatted and includes BEGIN and END markers
- Attribute mapping issues: Verify that the attribute names match exactly between Google Workspace and your application
- URL configuration: Ensure all URLs are accessible and properly formatted
Support
If you encounter any issues during configuration, please contact our support team with the following information:
- Error messages or screenshots
- Configuration details (without sensitive information)
- Steps taken before the issue occurred
© 2024 Your Company. All rights reserved. | This document is confidential and intended for authorized users only.