How to setup Google Workspace as an Identity Provider

Please read How to setup Single Sign On (SAML) before following this guide.

1. Login to Google Workspace as an administrator
2. Go to the Admin portal
3. On the menu, click Apps and select Web and mobile apps
4. Click Add app and select Add custom SAML app
5. In the App Name box, enter the name you want to show your users
6. In the Description box you can optionally enter a description
7. In the App icon section, click the camera icon and upload an appropriate logo
8. Click the CONTINUE button

In the next step, you need to get some information so you can add your Identity Provider to our app:

1. Copy and save the values for SSO URL (i.e. Sign on URL) and Entity ID (i.e. Issuer)
2. Download the Certificate to your desktop
3. Click the CONTINUE button

In the next step, you need to add our Service provider details:

1. In the ACS URL box, enter our ACS URL
2. In the Entity ID box, enter our Entity ID
3. The Name ID format should be "UNSPECIFIED" (this is the default value)
4. The Name ID should be "Basic Information > Primary email" (this is the default value)
5. Click the CONTINUE button
6. Click the FINISH button

At this point we suggest you assign the app to a test group via the User access section (once you have tested it, you can assign all your users as needed).