Skip to main content

Single Sign-on with Google Workspace

Tom Metz
  • Updated

Single Sign-on allows you to configure eSPACE to be accessed and users to be authenticated via your network provider.  For more information general on how SAML SSO works with eSPACE, please check out this KB article.

NOTE:  Only eSPACE Admins can get to the SSO Integration Setup page in eSPACE

The following instructions will help you configure eSPACE to allow Single Sign-on through your Google Workspace account

  1. Navigate to your Google Workspace Admin Homepage
    mceclip0.png

  2. Click "Apps" option then the "Web and mobile apps"
    mceclip1.png

  3. Click "Add App" >> Add Customer SAML App
    mceclip2.png

  4. On App Details page:
    1. Enter App Name: eSPACE
    2. Upload App Icon
    3. Click Continue
      mceclip3.png
      Feel free to download this image to use for uploading an App icon:
      eSpace_icon.png

  5. Follow Option 1, downloading the Metadata file.  Once downloaded, navigate to the SSO Setup page in eSPACE (Settings >> Other >> Integrations >> SSO Setup)
  6. Enter the Identity Provider as "Google"
  7. Upload the Metadata file you just downloaded from Google
    mceclip4.png
    Upon uploading, the Certificate and Single Sign On Service URL should automatically populate.

  8. Copy the Assertion Consumer Service URL (feel free to use the copy icon on the right of it)
    mceclip10.png

  9. Back in Google, you should still be on "step 2". Click "Continue" to get to the next configure page (Step 3 - Service provider details).
  10. In the ACS URL field, paste the value you copied from step 8 above.
  11. In the "Entity ID" field, enter https://app.espace.cool
  12. For the Name ID format field, choose "EMAIL"
  13. Fort he Name ID field, choose "Basic Information > Primary email"
    mceclip5.png
  14. Click "Continue" to get to the Attribute mapping
  15. The important things to keep in mind are the attributes must include email, first name, and last name, and the attribute names must match exactly between Google and eSPACE. So, in Google, click the "Add Mapping" button, select Primary Email, and then set the App attribute to be email.  Repeat with First name and Last name.  For the App attributes, enter firstname and lastname, respectively.
    mceclip6.png
    You can go ahead and click "Finish"

  16. On eSPACE's SSO setup page, ensure the attribute names match:
    mceclip7.png

  17. Configure the User Provisioning settings as desired.  Be sure to select the appropriate user to clone if selection the 2nd or 3rd option:
    mceclip8.png

  18. Set the "Require all logins..." setting as desired.
  19. Set an Integration Admin.
  20. Click the "Save" button to save all the settings and enable SSO.
  21. Test your connection by opening a private or incognito, logging into Google, and then finding and clicking the eSPACE button from the Google App launcher.
    mceclip9.png
    That should take you straight into eSPACE.

    IMPORTANT NOTE ABOUT TESTING: Be sure to test in a separate private/incognito window, rather than logging out of eSPACE in your main browser.  Doing the latter could result the inability to get back eSPACE to fix any issues if SSO was not set up correctly.

Related articles

Comments

0 comments

Please sign in to leave a comment.