- Different eSPACE Subscription Tiers include Different Features Including Single Sign On
- Viewing Your Subscription Details
- Each eSPACE admin with access to Billing can view what subscription tier your organization currently has and everything that is included in their account under Settings > Other > Billing > Manage.
For those who are on an eSPACE subscription tier that includes Single Sign On, you will have the capability to configure your eSPACE account so the people at your organization can be authenticated via your network provider. For more information general on how SAML SSO works with eSPACE, please check out this KB article.
Who Can Setup SSO
- Only eSPACE Admins can get to the SSO Integration Setup page in eSPACE
SSO For Existing eSPACE Users
- If the user has an eSPACE account already, AND their email address in both systems are the same, they will be able to log in to their existing eSPACE.
- However, if they do not have an eSPACE account already, a new eSPACE user account may be provisioned depending on this setting on the eSPACE SSO Setup page:
Setting up SSO
The following instructions will help you configure eSPACE to allow Single Sign-on through your Google Workspace account.
- Navigate to your Google Workspace Admin Homepage
- Click "Apps" option then the "Web and mobile apps"
- Click "Add App" >> Add Customer SAML App
- On App Details page:
- Enter App Name: eSPACE
- Upload App Icon
- Click Continue
Feel free to download this image to use for uploading an App icon:
- Follow Option 1, downloading the Metadata file. Once downloaded, navigate to the SSO Setup page in eSPACE (Settings >> Other >> Integrations >> SSO Setup)
- Enter the Identity Provider as "Google"
- Upload the Metadata file you just downloaded from Google
Upon uploading, the Certificate and Single Sign On Service URL should automatically populate. (If and when Google changes/updates their URL requirements, then the URL in eSPACE will also need to be updated in order to match, otherwise users will get an error message when they try to use Google SSO to sign into their eSPACE account on the eSPACE website.) - Copy the Assertion Consumer Service URL (feel free to use the copy icon on the right of it)
- Back in Google, you should still be on "step 2". Click "Continue" to get to the next configure page (Step 3 - Service provider details).
- In the ACS URL field, paste the value you copied from step 8 above.
- In the "Entity ID" field, enter https://app.espace.cool
- For the Name ID format field, choose "EMAIL"
- For the Name ID field, choose "Basic Information > Primary email"
- Click "Continue" to get to the Attribute mapping
- The important things to keep in mind are the attributes must include email, first name, and last name, and the attribute names must match exactly between Google and eSPACE. So, in Google, click the "Add Mapping" button, select Primary Email, and then set the App attribute to be email. Repeat with First name and Last name. For the App attributes, enter firstname and lastname, respectively.
You can go ahead and click "Finish" - On eSPACE's SSO setup page, ensure the attribute names match:
- Configure the User Provisioning settings as desired. Be sure to select the appropriate user to clone if selection the 2nd or 3rd option:
- Set the "Require all logins to go through SSO Identity Provider..." setting as enabled or disable.
- Learn more here: How SAML Single Sign-On Works
- Set an Integration Admin.
- Click the "Save" button to save all the settings and enable SSO.
- Test your connection by opening a private or incognito, logging into Google, and then finding and clicking the eSPACE button from the Google App launcher.
That should take you straight into eSPACE.
IMPORTANT NOTE ABOUT TESTING: Be sure to test in a separate private/incognito window, rather than logging out of eSPACE in your main browser. Doing the latter could result the inability to get back eSPACE to fix any issues if SSO was not set up correctly.