Google SAML

6 min

this feature is available to enterprise customers the following manual configuration creates an saml sso configuration for your enterprise organization prerequisites owner role in an enterprise organization google admin console account supported features this configuration supports the following service provider initiated sso single log out \[optional] configuration steps before configuring sso, you need to assign a namespace and download your service provider certificate in {{product name}} these steps provide information you need to enter later create your namespace in make click organization in the left sidebar click the sso tab under namespace , enter the namespace you want for your organization for example, acmecorp your organization members enter this namespace when they log in via sso under sso type , select saml 2 0 copy the redirect url and save it in a safe place you will use this later when you create your saml integration in the google admin portal create an saml application in the google admin portal login to the google admin console from the dashboard's left menu, click apps > web and mobile apps click add app and select add custom saml app enter an app name and description copy the sso url and save it in a safe place you will use this later on the same screen, download the certificate and save it in a safe place click continue enter the service provider details you can find thise information in the {{product name}} sso configuration tab acs url https //www make com/sso/saml/{namespace} entity id https //www make com/sso/saml/{namespace}/metadata xml replace {namespace} with your google saml /#create your namespace in make click continue enter the app attributes update the user access to on for everyone update the sso in make click org in the left sidebar switch to the sso tab activate the service provider certificate and download it in the identity provider certificate section, click extract in the p12, pfx or pem file field, upload the certificate downloaded from step 6 of google saml /#create an saml application in the google admin portal above then click save enter the sso url from step 5 of google saml /#create an saml application in the google admin portal above and paste it into the idp login url field in {{product name}} enter the login iml resolve { "email" "{{get(user attributes email, 1)}}", "name" "{{get(user attributes firstname, 1)}}{{get(user attributes lastname, 1)}}", "id" "{{get(user attributes email, 1)}}" } optional it is a good practice to validate the json string in iml resolve to ensure it is correct you can use the jsonlint website to perform this validation enter the following additional information allows unencrypted assertions no allow unsigned responses no sign requests yes service provider initiated sso go to make com click sign in with sso enter the namespace you chose for your organization log in using your microsoft credentials and consent to {{product name}} 's access to your user data