Step 1: Google Workspace Admin Console
1. Go to Google Workspace Admin Console
2. Navigate to "Apps" > "Web and mobile apps"
3. Click "Add App" > "Add custom SAML app"
4. Enter the following details:
- App name: Your Domain SSO App
- Description: Custom SAML application for domain SSO
Step 2: Service Provider Details
1. In the "Service Provider Details" section, enter:
- ACS URL: https://yourdomain.com/api/sso/acs
- Entity ID: https://yourdomain.com/api
- Start URL: https://yourdomain.com/login
- Name ID format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
Step 3: Attribute Mapping
1. In the "Attribute mapping" section, add:
- Primary email: Primary email
- First name: First name
- Last name: Last name
- Redirect URI: https://yourdomain.com/approot/sharecode
Step 4: Download Metadata
1. Click "Download" next to "Google IdP metadata"
2. Save this file for your SSO configuration
3. Upload this metadata file in your SSO configuration form
Step 5: User Access
1. In the "User access" section, select:
- Turn ON for everyone: Enable for all users
2. Click "Save" to complete the configuration
Configuration Summary
Once you have completed all steps, enter the following information in your SSO configuration:
- Provider: Google Workspace
- Protocol: SAML
- Entity ID: https://yourdomain.com/api
- Single Sign-On URL: [From Google IdP metadata]
- X.509 Certificate: [From Google IdP metadata]
Note: Replace "yourdomain.com" with your actual domain name throughout this guide.
The placeholders above will be automatically replaced with your actual domain when you view this guide in the application.
Step 1: Google Cloud Console
1. Go to Google Cloud Console
2. Navigate to "APIs & Services" > "Credentials"
3. Click "Create Credentials" > "OAuth 2.0 Client IDs"
4. Select "Web application" as the application type
Step 2: Configure OAuth2 Client
1. Enter the following details:
- Name: Your Domain OAuth2 App
- Authorized redirect URIs: https://yourdomain.com/api/sso/oauth2/callback
- Authorized JavaScript origins: https://yourdomain.com
Step 3: Enable Required APIs
1. Go to "APIs & Services" > "Library"
2. Search for and enable the following APIs:
- Google+ API
- Google People API
- Google Identity and Access Management (IAM) API
Step 4: Configure OAuth Consent Screen
1. Go to "APIs & Services" > "OAuth consent screen"
2. Configure the following scopes:
- User Info: https://www.googleapis.com/auth/userinfo.email
- Profile: https://www.googleapis.com/auth/userinfo.profile
- OpenID Connect: openid
Step 5: Client Credentials
1. After creating the OAuth2 client, copy the following values:
- Client ID: [Copy from Google Cloud Console]
- Client Secret: [Copy from Google Cloud Console]
Step 6: Google OAuth2 Endpoints
1. Note the following Google OAuth2 endpoints:
- Authorization endpoint: https://accounts.google.com/o/oauth2/v2/auth
- Token endpoint: https://oauth2.googleapis.com/token
- User info endpoint: https://www.googleapis.com/oauth2/v2/userinfo
- OpenID Connect discovery: https://accounts.google.com/.well-known/openid-configuration
Configuration Summary
Once you have completed all steps, enter the following information in your SSO configuration:
- Provider: Google Workspace
- Protocol: OAuth2
- Client ID: [Copy from Google Cloud Console]
- Client Secret: [Copy from Google Cloud Console]
- Authorization Endpoint: https://accounts.google.com/o/oauth2/v2/auth
- Token Endpoint: https://oauth2.googleapis.com/token
- User Info Endpoint: https://www.googleapis.com/oauth2/v2/userinfo
- Redirect URI: https://yourdomain.com/api/sso/oauth2/callback
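Added example (not part of the original guide or the application's own code): a Python sketch of how a service provider could build the authorization request for the endpoints, scopes and redirect URI listed above, and check the callback before exchanging the code. It goes beyond the guide by adding the state, nonce and PKCE parameters; the function names and the client ID used with it are hypothetical.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import urlencode, urlsplit, parse_qs

AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"
REDIRECT_URI = "https://yourdomain.com/api/sso/oauth2/callback"  # guide's placeholder domain
SCOPES = ["openid",
          "https://www.googleapis.com/auth/userinfo.email",
          "https://www.googleapis.com/auth/userinfo.profile"]

def start_login(client_id):
    """Return (authorization_url, session_values); session_values stay server-side."""
    state = secrets.token_urlsafe(32)     # CSRF token bound to this browser session
    nonce = secrets.token_urlsafe(32)     # must match the nonce claim of the ID token later
    verifier = secrets.token_urlsafe(64)  # PKCE code_verifier, sent only to the token endpoint
    challenge = base64.urlsafe_b64encode(
        hashlib.sha256(verifier.encode("ascii")).digest()).rstrip(b"=").decode("ascii")
    params = {
        "client_id": client_id,
        "redirect_uri": REDIRECT_URI,
        "response_type": "code",
        "scope": " ".join(SCOPES),
        "state": state,
        "nonce": nonce,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    return (AUTH_ENDPOINT + "?" + urlencode(params),
            {"state": state, "nonce": nonce, "code_verifier": verifier})

def handle_callback(callback_url, session_values):
    """Validate the redirect back from Google and return the authorization code."""
    parts = urlsplit(callback_url)
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != REDIRECT_URI:
        raise ValueError("callback did not arrive on the registered redirect URI")
    query = parse_qs(parts.query)
    if "error" in query:
        raise ValueError("provider returned error: " + query["error"][0])
    returned_state = query.get("state", [""])[0]
    # Constant-time comparison against the value stored for this session.
    if not hmac.compare_digest(returned_state.encode(), session_values["state"].encode()):
        raise ValueError("state mismatch: response does not belong to this session")
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return codes[0]
```

The returned code_verifier goes to the token endpoint together with the code, the Client ID and the Client Secret, and the stored nonce is compared with the nonce claim of the ID token that comes back.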