Google Workspace

This guide will show you how to integrate GoodAccess with Google Workspace SSO.

This feature is available in the Premium plan and higher.

Please note: Changing the login method to identity provider will permanently delete all Members you invited. Your team Members will be automatically added to GoodAccess upon their first login. Manually added Members will stay.

Remember to grant your Google users access permissions to GoodAccess. Users without them won't be able to log in.

Step 1 - Adding a new identity provider

Log in to the GoodAccess Control Panel, and go to Settings > SSO & MFA.

Click + Add provider, enter the Provider name, choose your Identity Provider, and click Continue.

Step 2 - Setting up Single Sign-On with SAML

Log in to the Google Admin console, and go to Apps > Web and mobile apps.

Click Add App, and Add custom SAML app.

1. App details

Give the appplication a name, upload a logo, and click Continue.

2. Google Identity Provider details

Copy the details to GoodAccess - (3) Identity Provider links, and click Continue.

  • Sign in URL - SSO URL

  • Entity ID - Entity ID

  • X509 signing certificate - Certificate

3. Service provider details

Copy the details from GoodAccess - (2) GoodAccess links, and click Continue.

  • ACS URL - Assertion Consumer Service URL

  • Entity ID - Entity ID

  • Start URL - Login URL

  • Name ID format - UNSPECIFIED

  • Name ID - Basic Information > Primary email

Skip the next step in GoodAccess, and click Submit to finish the configuration.

4. Attribute mapping

Click ADD MAPPING, and add two attributes as follows:

Google Directory attributesApp attributes

Primary email

"email" (without quotes)

First name

"name" (without quotes)

Click Finish to confirm your settings.

You have now successfully set up your Google Workspace SSO with GoodAccess.

Step 3 - Managing user access

In the application click User access.

Choose who should have access, select ON, and click Save.

Last updated