Google SAML

This article explains how to configure Google SAML login in Zluri.

Pre-condition before the SAML Configuration

Please make sure to add verified domains before configuring SAML.

Follow the steps below to configure Google SAML login for Zluri.

  1. Go to https://admin.google.com/

  2. Click on Add App and select Add Custom SAML app. 

  3. Add the App name (any) and continue.

  4. Copy the SSO URL (this will be needed in step 16).

  5. Download the Certificate (this will be needed in step 17).

  6. Click on continue.

  7. Add ACS URL and Add Entity ID: 

    1. You can get the ACS URL and Entity ID from the Zluri dashboard under Settings > SSO.
    2. Add the copied ACS URL and Entity ID in Google Workspace.

9. Select Name ID format as Email.

10. Select Name ID as Basic Information > Primary Email.

11. Click Continue

12. Click on Add Mapping

13. Select Primary Email from the Google Directory attributes and add email as the App attribute.

14. Click on Finish.

15. On this screen, click User access, select On for everyone, and save.

16. In the Zluri interface, please upload the 'sign in URL' obtained in step 5.

17. Also, please upload the certificate obtained in step 6 and click 'Save'.

Then click 'Test connection' to try logging in with your Google Workspace credentials. If you can log in successfully, the configuration works. The next time any user of your organization tries to log in, they will be redirected to the Google Workspace login.

If you have already configured SAML, see "How you can rotate SAML Certificate in Zluri?" to learn how to rotate the certificate.

Editing an existing SAML setup

Rotate SAML certificates

X.509 certificates have a defined lifetime (for example, a Google Workspace certificate is valid for 5 years). You should rotate a certificate if it is about to expire or if it becomes compromised.

If a certificate expires before you rotate it, your users won’t be able to use SSO to sign in to any SAML applications that use that certificate until you replace it with a new certificate.

To rotate the certificate:

  1. Open the SAML app in your SSO, navigate to the certificate page, and recreate it.

  2. Once you get the new certificate, please upload it to the Zluri platform.

Save the connection, and you can continue to use the SAML connection as configured.
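Before uploading a downloaded or rotated certificate, you can check its expiry date and SHA-256 fingerprint locally with OpenSSL. The script below is an added example, not part of Zluri's or Google's documentation; the function names, the 60-day threshold and the throwaway self-signed sample certificate are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: inspect an IdP signing certificate before uploading it.

# saml_cert_check FILE [DAYS]
#   returns 0 = readable and still valid for more than DAYS days
#           1 = expired or expiring within DAYS days (rotate now)
#           2 = not a readable PEM X.509 certificate
saml_cert_check() {
  local pem="$1" days="${2:-60}"   # 60 days is an assumed threshold
  openssl x509 -in "$pem" -noout 2>/dev/null || return 2
  # Values to compare against what the IdP console shows for this app.
  openssl x509 -in "$pem" -noout -subject -enddate -fingerprint -sha256
  # -checkend exits non-zero when notAfter falls inside the window (seconds).
  openssl x509 -in "$pem" -noout -checkend "$((days * 86400))" >/dev/null \
    || return 1
  return 0
}

# Constructed sample input: a throwaway self-signed certificate standing in
# for the file downloaded from the IdP. Usage: make_sample_cert OUTFILE DAYS
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
    -days "$2" -subj "/CN=constructed-idp-sample" 2>/dev/null
}

tmp="$(mktemp -d)"
trap 'rm -rf "$tmp"' EXIT
make_sample_cert "$tmp/idp.pem" 30
saml_cert_check "$tmp/idp.pem" 60 \
  || echo "rotate: certificate expires within 60 days (rc=$?)"
```

Run `saml_cert_check` against the real downloaded file on a schedule so that an approaching expiry is caught before SSO sign-in breaks.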

Add/remove SAML domains

To add or remove SAML domains, go to SSO Settings, select/deselect the domains that you want to configure for SAML, then click Save.