Get Demo

How to Configure SAML on Google Workspace

This document explains the steps of integrating the Google Workspace identity provider with the platform over SAML to log in to the platform by using your Google Workspace email account.

Google Workspace Settings

Please follow the steps below to set up SAML settings correctly on the Google Workspace side.

  • Log in to Google Workspace with a privileged account that can create applications.

  • Go to the Directory > Users > More Options > Manage user attributes menu from the main dashboard.

  • Click on Add Custom Attributes and add the following attribute.

    • Category: SAMLRole

    • Name: spRole

    • Type: Text

    • Visible: Visible to the organization

    • Value: Single value

  • You can set role name for specific users from Users > Select User > User Information > SAMLRole. The admin can set specific roles to the user such as CompanyAdmin, Reseller, or Custom roles name.

    • If a value is not set, the system will assign the default role for the user after login to the platform that admin is specified on the platform SAML settings.

    • You may skip this step for now and then revisit it if needed.

  • Go to Dashboard > Apps > Web and mobile apps > Add App > Add custom SAML app and then follow the steps below.

    • Name: Type SAML name.

    • Click the Continue button.

    • Click the Download Metadata button.

    • ACS URL: Please login to the platform and go to Company > Company Settings > SAML Settings > click + NEW and then see the "SSO Sign-in URL" field at the bottom of the page.

    • Entity ID: Please login to the platform and go to Company > Company Settings > SAML Settings > click + NEW and then see the "Idp Entity ID" field at the bottom of the page.

    • Click the Continue button.

    • Add the following attributes.

      • Primary Email > email

      • First name > firstName

      • Name Last name > lastName

      • Phone number > phoneNumber

      • spRole > spRole

    • Click the Finish button.

  • Go to the SAML app settings that is created and then click on User Access.

    • If you want everyone in the organization to be able to log in to the platform, enable the ‘On for everyone’ option.

    • If you want a few users in the organization to be able to log in to the platform, you can make a group of those users and assign the group to the SAML app.

Platform Settings

Log in to the platform with the privileged user who can access the SAML settings on the platform and then follows up on the document here to fill up the required fields.

Please follow the steps below to set up SAML settings correctly on the platform.

  • Log in to the platform with a privileged user who can access SAML settings.

  • From the left menu, under Company heading, click on Company Settings -> SAML Settings.

  • Click on the “Create your first SAML configuration” button in the middle of the page.

  • Then, fill in the following details when the "New SAML Configuration" field is opened.

    • SAML Name: Enter a name for SAML setting.

    • Allowed Domains: Enter the domain name that the admin will be using to log in to the platform. The platform will recognize the user with the domain and redirect to the SSO authentication.

    • SAML Configuration For Keepnet Labs: By clicking the "Upload Metadata" button under this field and then uploading the Google Workspace metadata file to the platform. According to the information in the metadata, the "Issuer URL of the IdP", "IdP SSO URL" and "IdP Certificate" fields will be filled automatically.

    • Default Role: Assing a default role to the users who will log in to the platform. If this option is not enabled, the user must have the ‘spRole’ attribute configured in the Google Workspace with the correct system role name to log in to the platform.

How to Test SAML Configuration

Check whether the configuration works or not by following the steps below.

  • Make sure the admin who will log in to the platform over SAML is created in the platform under the Company > System Users page.

  • Go to the login page of the platform.

  • Enter the email address. The email domain must be the one that is defined in the SAML settings.

  • The platform will redirect you to the Google Workspace SSO page to authenticate.

Video Tutorial

This video tutorial shows the above documentation steps for integrating the Google Workspace identity provider with the platform over SAML to log in to the platform by using your Google Workspace email account.

PreviousHow to Configure SAML on ADFSNextHow to Configure SAML on Azure AD

Last updated

Copyright © Keepnet Labs LTD. All rights reserved.