This article refers to the official Google documentation, "Set up your own custom SAML application" (Google Workspace Admin Help).
Google Workspace Configuration
First Steps
- First, you will need a Google Workspace Admin to sign in to the workspace at https://admin.google.com
- Navigate to App/Web and Mobile apps
- Select Add App/Add custom SAML app and start to configure the app.
Configure the App
- Provide an App Name, then click to continue.
- On the next page, click the "Download IdP metadata" button and forward the XML metadata file to Support in your response.
- Also copy the Entity ID and paste it into the SSO Form (attached). Following this, click "Continue".
- In the next step, enter the ACS URL and Entity ID, i.e. the URLs that the MediaValet Support team has provided.
- Next, ensure that the Name ID format and Name ID are configured. We recommend using:
  - Name ID format = EMAIL
  - Name ID = Basic Information > Primary email
- In the example below, we used our test IAM URL for both these values. Live clients should use the EntityId/SSO URL the MediaValet Support team provides.
- Following this, configure the attribute mapping, which determines how Google (i.e. the IdP) sends the following claims to MediaValet's identity service. Please ensure these are copied over to the SSO form (attached) as well.
  - First Name
  - Last Name
  - Email
- We recommend using the following attribute mapping:
  - FirstName = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
  - LastName = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
  - Email = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
- After completing the attribute mapping, select Finish.
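The Name ID and attribute mapping configured above can be checked against an assertion captured from a test sign-in. The following is an added example, not part of the original article or of MediaValet's or Google's tooling; it assumes that the EMAIL Name ID format corresponds to the standard SAML emailAddress format URN and that the claim URIs above appear as the attribute names in the assertion. The two sample assertions are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"  # assumed for EMAIL
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
REQUIRED = {"FirstName": CLAIMS + "givenname",
            "LastName": CLAIMS + "surname",
            "Email": CLAIMS + "emailaddress"}

def check_assertion(xml_text):
    """Return configuration problems found in a SAML assertion (no signature check)."""
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID missing or empty")
    elif name_id.get("Format") != EMAIL_FORMAT:
        problems.append(f"NameID Format is {name_id.get('Format')!r}, expected emailAddress")
    # Map each attribute name to its non-empty values.
    sent = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        sent[attr.get("Name")] = [v for v in values if v]
    for label, uri in REQUIRED.items():
        if not sent.get(uri):
            problems.append(f"{label} claim missing or empty: {uri}")
    return problems

def build_sample(name_id_format, attrs):
    """Build a constructed, unsigned assertion for demonstration only."""
    items = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}</saml:AttributeValue></saml:Attribute>'
        for n, v in attrs.items())
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:Subject>'
            f'<saml:NameID Format="{name_id_format}">jane@example.com</saml:NameID>'
            f'</saml:Subject><saml:AttributeStatement>{items}</saml:AttributeStatement>'
            f'</saml:Assertion>')

# Constructed samples: one matching the recommended mapping, one misconfigured.
GOOD = build_sample(EMAIL_FORMAT, {REQUIRED["FirstName"]: "Jane",
                                   REQUIRED["LastName"]: "Doe", REQUIRED["Email"]: "jane@example.com"})
BAD = build_sample("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
                   {REQUIRED["FirstName"]: "Jane", "lastName": "Doe", REQUIRED["Email"]: ""})

if __name__ == "__main__":
    print("good:", check_assertion(GOOD))
    print("bad:", check_assertion(BAD))
```

This only inspects the claim layout for configuration checking; it does not validate the assertion signature and is not a substitute for the service provider's own verification.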
Setting the User permissions
After completing the app configuration, you will need to configure the users that should have access to the custom MediaValet SAML application that was set up.
- Navigate to the app and click the User access area.
- In this section there are some options for granting permissions to the users present in your Google Workspace:
  - ON for everyone, in the Service status section
  - Groups: see how to configure groups in Google Workspace in the official documentation, "Create a group in your organization" (Google Workspace Admin Help).
- To keep things simple, in the example below, Service Status was set to "ON for everyone", which will enable all the users inside this Google Workspace to use their SSO credentials to sign in to MediaValet.