Setting up Single Sign on with Google Workspace

Single Sign-On is a convenient, yet secure way of authenticating a user - without them having to set up a new password. 


Requirements

  • access to Google Admin center
  • access to Userlane Portal


Set up SSO for Google Workspace

In order to configure the Single Sign-On with Google Workspace for Userlane, follow these steps below:

  1. Open the Google Admin center (admin.google.com) and navigate to Apps / Web and mobile apps
    dropdown highlighting heading web and mobile apps

  2. Click on “Add app” and select “Add custom SAML app”
    dropdown highlighting option add custom SAML app

  3. Enter “Userlane” as App name. Optionally add a description and App icon (these are non-essential parameters). Continue to the next screen.                                                                                   App details form with filled in app name Userlane

  4. Copy the SSO URL from Google and paste it into the “IDP Entrypoint URL” field in the Userlane Portal’s SSO configuration page (Account > Global settings > Single Sign-on).
    entry point URL with an example URL

  5. Copy the Certificate from Google and paste it into the “IDP Certificate” field on the same page in the Userlane Portal.
    Google certificate example

  6. Then remove the “---BEGIN CERTIFICATE---” and “---END CERTIFICATE---” lines from the beginning and ending of the textbox.certificate example when copied into Userlane Portal

  7. Confirm these edits by clicking “Save” on the Userlane Portal.

  8. Copy the “Userlane Entity ID & Consumer URL” from the Userlane Portal. This typically looks like a URL starting with https://sso-saml.userlane.com/..
    option to copy URL and entity ID

  9. Back on the Google Admin page, continue to the next step.

  10. We tried to make this as easy as possible for you at Userlane, so the copied URL same value goes into both the “ACS URL” and “Entity ID” on the Google Admin configuration screen. Tick the “Signed response” checkmark.
    service provider details with checkmark for signed response

  11. For the Name ID confirmation, you can leave the default configuration unchanged.
    default configuration for name id confirmation

  12. On the next step, you can optionally add attributes that should be handed over from Google Workspaces to Userlane for each user. This allows you to enhance the Userlane profile in Userlane, which can be used to segment users and show them targeted content. You can leave it blank or add a few relevant mappings:
    attribute mapping for countries, ID or department

  13. Complete the configuration of Userlane as SAML App in Google Admin.

  14. Make sure to enable access to the Userlane SAML App in Google Admin for your entire organization.service status options

  15. Now it’s time to test the Single Sign On.

You can do this by clicking on the “Test SSO” button on the Userlane Portal, or by opening the Entity ID URL used before in a new tab manually. The Single Sign On flow is working correctly if the tab closes automatically (after being redirected around a few times) and not showing any errors. 

button to test setup

User Icon

Thank you! Your comment has been submitted for approval.