Google Workspace

Please note: Changing the login method to identity provider involves permanently deleting all existing members. Your team members will be automatically added to GoodAcces upon their first login. Currently added devices will be retained.
In case you have problem with login in with SSO (white page; Error: not_a_saml_app) try to clear your cookies and caches, then try to log in with SSO again. If the problem persists, please contact our support.

Step 1

Open the SSO Settings in GoodAccess Control panel -> Settings -> Login & Security

Step 2

In your Google Admin console (at go to Apps > Web and mobile apps.

Step 3

Click Add App and then Add custom SAML app.

Step 4

Enter the name of your app (it is up to you), and upload a logo if you wish.

Step 5

On the Google Identity Provider details page, you will be asked to provide the SSO URL, entity ID, and certificate.

Step 6

Open the SSO Settings in the GoodAccess Control panel (Step 1), and copy the information as follows:
  • Sign in URL – SSO URL (previous step)
  • Entity ID – Entity ID (previous step)
  • X509 Signin certificate – Certificate (previous step)

Step 7

Click Continue in the admin Google workspace and prepare (copy) following details from the GoodAccess Control panel:
  • Service Provider Links
  • Assertion Consumer Service URL
  • Login URL (there is only slash)

Step 8

Now copy the previous details to the Google Workspace Admin Console.
  • Acs URL - Assertion Consumer Service ULR (previous screen)
  • Entity ID – Service provider links Entity ID (previous screen)
  • State URL - Login URL
  • Name ID format – enter "UNSPECIFIED"
  • Name ID – enter "Basic Information > Primary email"

Step 9

  • (First line)Basic information – Primary email -> App attributes – enter "email"
  • (Second line) Basic information – First name -> enter "name"

Step 10

Open the created App in Google Workspace and click on "OFF for everyone"

Step 11

Change to "ON fore everyone" and Save the changes.
Last modified 1yr ago