Single Sign-on allows you to configure eSPACE to be accessed and users to be authenticated via your network provider. For more information general on how SAML SSO works with eSPACE, please check out this KB article.
NOTE: Only eSPACE Admins can get to the SSO Integration Setup page in eSPACE
The following instructions will help you configure eSPACE to allow Single Sign-on through your Google Workspace account
- Navigate to your Google Workspace Admin Homepage
- Click "Apps" option then the "Web and mobile apps"
- Click "Add App" >> Add Customer SAML App
- On App Details page:
- Enter App Name: eSPACE
- Upload App Icon
- Click Continue
Feel free to download this image to use for uploading an App icon:
- Follow Option 1, downloading the Metadata file. Once downloaded, navigate to the SSO Setup page in eSPACE (Settings >> Other >> Integrations >> SSO Setup)
- Enter the Identity Provider as "Google"
- Upload the Metadata file you just downloaded from Google
Upon uploading, the Certificate and Single Sign On Service URL should automatically populate.
- Copy the Assertion Consumer Service URL (feel free to use the copy icon on the right of it)
- Back in Google, you should still be on "step 2". Click "Continue" to get to the next configure page (Step 3 - Service provider details).
- In the ACS URL field, paste the value you copied from step 8 above.
- In the "Entity ID" field, enter https://app.espace.cool
- For the Name ID format field, choose "EMAIL"
- Fort he Name ID field, choose "Basic Information > Primary email"
- Click "Continue" to get to the Attribute mapping
- The important things to keep in mind are the attributes must include email, first name, and last name, and the attribute names must match exactly between Google and eSPACE. So, in Google, click the "Add Mapping" button, select Primary Email, and then set the App attribute to be email. Repeat with First name and Last name. For the App attributes, enter firstname and lastname, respectively.
You can go ahead and click "Finish"
- On eSPACE's SSO setup page, ensure the attribute names match:
- Configure the User Provisioning settings as desired. Be sure to select the appropriate user to clone if selection the 2nd or 3rd option:
- Set the "Require all logins..." setting as desired.
- Set an Integration Admin.
- Click the "Save" button to save all the settings and enable SSO.
- Test your connection by opening a private or incognito, logging into Google, and then finding and clicking the eSPACE button from the Google App launcher.
That should take you straight into eSPACE.
IMPORTANT NOTE ABOUT TESTING: Be sure to test in a separate private/incognito window, rather than logging out of eSPACE in your main browser. Doing the latter could result the inability to get back eSPACE to fix any issues if SSO was not set up correctly.