Google SAML
This feature is available to Enterprise customers.
The following manual configuration creates an SAML SSO configuration for your Enterprise organization.
- Owner role in an Enterprise organization
- Google Admin console account
This configuration supports the following:
- Service Provider initiated SSO
- Single Log Out [optional]
Before configuring SSO, you need to assign a namespace and download your service provider certificate in . These steps provide information you need to enter later.
Click Organization in the left sidebar.
Click the SSO tab.
Under Namespace, enter the namespace you want for your organization. For example, acme_corp. Your organization members enter this namespace when they log in via SSO.
Under SSO type, select SAML 2.0.
Copy the Redirect URL and save it in a safe place. You will use this later when you create your SAML integration in the Google admin portal.
Login to the Google admin console.
From the dashboard's left menu, click Apps > Web and mobile apps.

Click Add app and select Add custom SAML app.

Enter an App name and Description.
Copy the SSO URL and save it in a safe place. You will use this later.
On the same screen, download the certificate and save it in a safe place.
Click Continue.
Enter the Service provider details. You can find thise information in the SSO configuration tab.
ACS URL: https://www.make.com/sso/saml/{namespace}
Entity ID: https://www.make.com/sso/saml/{namespace}/metadata.xml
Replace {namespace} with your namespace.

Click Continue.
Enter the App attributes.

Update the User access to On for everyone.

Click Organization in the left sidebar.
Click the SSO tab.
Activate the Service Provider Certificate and download it.
In the IDP certificate section, upload the certificate downloaded from step 6 of Create an SAML application in the Google admin portal above.

Enter the SSO URL from step 5 of Create an SAML application in the Google admin portal above and paste it into the IDP Login URL field in .
Enter the Login IML resolve.
Optional: It is a good practice to validate the JSON string in IML Resolve to ensure it is correct. You can use the JSONLint website to perform this validation.
Enter the following additional information:
Allows Unencrypted Assertions: Yes
Allow Unsigned Responses: No
Sign Requests: Yes

Go to make.com.
Click Sign in with SSO.
Enter the namespace you chose for your organization.
Log in using your Microsoft credentials and consent to 's access to your user data.