Google SAML

Pre-condition before the SAML Configuration

Please make sure to add verified domains before configuring SAML.                                                                                                                                                                                                                                                                                                            

Please follow the below steps to configure Google SAML Login for Zluri.

1. Go to https://admin.google.com/

2. On the right sidebar, navigate to Apps > Web and mobile apps.
   [block:image]{"images":[{"image":["https://files.readme.io/375c6c9-2.png",null,null],"align":"center"}]}[/block]

3. Click on Add App and select Add Custom SAML app. 
   

4. Add the App name (any) and continue.
   

5. Copy SSO URL (this will be needed in step 16)
   

6. Download  Certificate (this will be needed in step 17)
   

7. Click on continue.

8. Add ACS URL and Add Entity ID: 

   1. You can get the ACS URL & Entity ID from the Zluri dashboard from the Settings > SSO.
   2. Add the copied ACS URL and entity ID in GW: 

9. Select Name ID format as Email.
10. Select Name ID as  Basic Information > Primary Email

11. Click Continue

12. Click on Add Mapping

13. Select  Primary Email from the Google directive attribute and add email as an App attribute

14. Click on Finish.

15. On this screen click  User access and select On for everyone and save.

16. In the Zluri interface, please upload the 'sign in URL' obtained in step 5.

17. Also, please upload the certificate obtained in step 6 and click 'Save'.

Then click 'Test connection' to try logging in with your Google Workspace credentials. If you can log in successfully, then it works. Next time any user of your organization tries to log in they will be redirected to the Google Workspace login.

If you have already configured SAML, please check this link to understand How you can rotate SAML Certificate in Zluri?