Configure SAML-based SSO using Google Workspace

Overview

Get started with simplified user logins by setting up single sign-on (SSO) with Google Workspace for your site. After you set up SSO, your users can sign in to the mobile app by using their Google Workspace credentials.

Set up a new SAML app

  1. Sign in to your Google Admin console.
  2. From the Admin console home page, go to Apps > Web and mobile apps.
  3. Click Add App > Add custom SAML app.
  4. On the App details page:
    1. Enter the name of the custom app.
    2. The icon is optional.
  5. Click Continue.
  6. On the Google Identity Provider details page, copy the SSO URL and Entity ID, and download the Certificate.
  7. Click Continue.
  8. On the Service provider details page:
    1. Enter the ACS URL: https://sia-sso.azurewebsites.net/Saml2/Acs
    2. Enter the Entity ID: https://sia-sso.azurewebsites.net/Saml2
    3. Set Name ID format to EMAIL
    4. Set Name ID to Basic Information > Primary Email
  9. Click Continue.
  10. On the Attribute mapping page add the following mappings:
    1. First Name -> FirstName
    2. Last Name -> LastName
    3. (Optional) Any Google directory attribute -> Role
      1. Choose a Google directory attribute that can be used to determine the user's role, like "Organization unit path", "Department" or "Cost center".
      2. We will use the value of this attribute to map users to roles in our system.
      3. "Organization unit path" is generated based on the user's organization unit.
      4. For the following organization unit structure, the paths would be:
        Root -> /
        Test unit -> /Test unit
        Test unit inside another unit -> /Test unit/Test unit inside another unit
  11. Click Finish.

Turn on your SAML app

  1. Go to Apps > Web and mobile apps.
  2. Select your app.
  3. Click User access.
  4. To turn on for everyone in your organization, click On for everyone and then click Save.
  5. (Optional) If you only want to turn on the app for a set of users or organizational units, please follow the "Turn on your SAML app" section of the official guide.
 

Email us the setup information

Please send the SSO URL, Entity ID and the Certificate to your Project manager (for new apps) or [email protected] (for existing apps) with the subject "SSO - G-Suite", along with the desired default role and an optional role mapping. Please list the possible values of the “Role” attribute and the role each value should translate to in Edlio's system. The default role will be assigned to all users we are unable to map.
Example setup information:
  1. SSO URL: https://accounts.google.com/o/saml2/idp?idpid=C00mnztyz
  2. Entity ID: https://accounts.google.com/o/saml2?idpid=C00mnztyz
  3. Certificate: your_cert.pem (attached)
  4. Default role: Other
  5. (Optional) Role mapping:
    1. Your role 1 -> Administrator (this is the role it will be mapped to in our system)
    2. Your role 2 -> Student
Our team will let you know once everything is configured on our end.
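
A consistency check you can run over the setup information before emailing it, given here as an added example (not Edlio's or Google's code). It assumes the SSO URL and Entity ID follow the shape of the example values above and that the Role attribute is matched exactly; the function names and dictionary layout are hypothetical.

```python
from urllib.parse import urlparse, parse_qs

# Constructed sample: the example values from this page, with directory
# attribute values ("Organization unit path") used as the role-mapping keys.
SETUP = {
    "sso_url": "https://accounts.google.com/o/saml2/idp?idpid=C00mnztyz",
    "entity_id": "https://accounts.google.com/o/saml2?idpid=C00mnztyz",
    "default_role": "Other",
    "role_mapping": {
        "/Test unit": "Administrator",
        "/Test unit/Test unit inside another unit": "Student",
    },
}

def idp_id(url, expected_path):
    """Return the idpid of an https Google IdP URL, or None if malformed."""
    parts = urlparse(url)
    if (parts.scheme, parts.hostname, parts.path) != (
            "https", "accounts.google.com", expected_path):
        return None
    ids = parse_qs(parts.query).get("idpid", [])
    return ids[0] if len(ids) == 1 else None

def check_setup(info):
    """Return a list of problems in the setup information; empty means OK."""
    problems = []
    sso = idp_id(info.get("sso_url", ""), "/o/saml2/idp")
    entity = idp_id(info.get("entity_id", ""), "/o/saml2")
    if sso is None:
        problems.append("SSO URL does not look like a Google IdP SSO URL")
    if entity is None:
        problems.append("Entity ID does not look like a Google IdP entity ID")
    if sso and entity and sso != entity:
        problems.append("SSO URL and Entity ID carry different idpid values")
    if not info.get("default_role", "").strip():
        problems.append("default role is missing")
    for value, role in info.get("role_mapping", {}).items():
        if not value.strip() or not role.strip():
            problems.append(f"incomplete role mapping: {value!r} -> {role!r}")
    return problems

def resolve_role(info, attribute_value):
    """Assumed rule: exact match on the Role attribute, else the default role."""
    return info.get("role_mapping", {}).get(attribute_value, info["default_role"])

if __name__ == "__main__":
    print(check_setup(SETUP) or "setup information is consistent")
    for path in ("/", "/Test unit", "/Test unit/Test unit inside another unit"):
        print(path, "->", resolve_role(SETUP, path))
```

The root path "/" has no entry in the sample mapping, so it resolves to the default role, which is what happens to every user whose attribute value is not listed.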

Troubleshooting common issues

Error: app_not_configured_for_user
This error is generated by Google and means that the user you tried logging in with does not have access to the SAML app in G-Suite.
Please review the steps in the "Turn on your SAML app" section to make sure that you have set up user access correctly.
If everything seems to be set up correctly, try turning access Off for everyone, then turning it back On after a minute, and see if that solves the issue.