Google Workspace allows you to create a dedicated SAML App to handle authentication. If you want to, you can follow Google’s instructions directly.
You need to be signed in with a super administrator’s account to complete this section of the guide.
Create a custom SAML app#
- Log in to the Google Admin Portal using your super administrator account.
- Under the Menu, select Apps then Web and mobile apps.
- Click Add App and select the Add custom SAML app option from the dropdown.
- On the App details page, enter the name of your app. We recommend something memorable, like "[website name] SAML authentication".
- Click Continue.
- On the Google Identity Provider details page, download or copy the following information:
- IDP metadata
- Certificate
- SSO URL
- Click Continue.
For this guide, we want our users to be able to log in to our staging website: staging.example.com. Replace this example URL with the domain you want to authenticate.
- On the Service Provider Details page, enter the following details:
https://staging.example.com/login/consumein the ACS URL text field.cloudcannon.com/in the Entity ID text field.- (Optional.)
https://staging.example.com/in the Start URL field. This URL is where Google will redirect users to once they have logged in.
- Check the Signed response box.
- In the Name ID format dropdown, select the EMAIL option.
- In the Name ID dropdown, select the Basic Information > Primary email option.
- Click Continue.
- On the Attribute mapping page, click the Finish button.
Turn on the SAML app#
- Under the Menu, select Apps then Web and mobile apps.
- Select the SAML App you just created, and click User access.
- Click the On for everyone option, then Save.
Once you’ve saved your settings, it can take a few minutes for your changes to take effect.