Google Workspace SAML setup

Enable your Google Workspace (formerly G Suite) users to access 1Password SaaS Manager with Single-Sign-On (SSO).

Add 1Password SaaS Manager to Google Workspace

Create the SAML application in Google Workspace

  1. Log in to your Google Admin Console and select Apps.
  2. Select Web and mobile apps.
  3. Click Add App and select Add custom SAML app.
    If you cannot see Add custom SAML app in the list then you will need to enable Cloud Identity on your Google Workspace Account.
  4. In the App name field, enter 1Password SaaS Manager.
  5. Click Continue.

Google Identity Provider details

Click Option 1: Download Metadata to download the Google IDP metadata. This is a file which tells SaaS Manager how to configure the Google Workspace SAML connection:

Configure SaaS Manager

The next step involves putting the IDP metadata you downloaded from Google Workspace into SaaS Manager.

  1. Open SaaS Manager in a new browser tab, as you will need to switch back to Google Workspace shortly.
  2. Log in to your SaaS Manager site, and then go to Settings > Users > SAML providers:
  3. Click New. The New SAML Identity Provider dialog is displayed.
  4. In the Name field enter Google Workspace and ensure the Metadata type is set to Metadata.
  5. Open the IDP metadata that you downloaded from Google Workspace in a text editor (e.g. Notepad or Visual Studio Code), and cut and paste the contents of the file into the Metadata field.
  6. Click Create.

Finalize configuration in Google Workspace

For this step you will need the ACS URL and the Entity ID from SaaS Manager. You can copy these from the Users Settings page.

Service Provider details

  1. Return to Google Workspace and click Continue to move to the third step, Service Provider Details.
  2. Paste the URLs from SaaS Manager into the applicable fields.
  3. Under the Name ID section make sure the Name ID Format is set to EMAIL and the Name ID is set to Basic information > Primary email.
  4. Click Continue.

Attribute mapping

Using the Add Mapping button, add two attributes:

Google Directory attribute App (SaaS Manager) attribute
First name given_name
Last name family_name

Then click Finish.

Test the connection

Your new application will appear in Google Workspace. Click through on the SaaS Manager application in the table.

Use the User access section to enable the SaaS Manager SSO link and assign it to users. Click Test SAML login to test that the connection is working. If any settings are wrong, you can return here at any point and modify them.

We recommend assigning SaaS Manager to a test user account. Log in as your test user, and now go to the Google Workspace dashboard and you should see the SaaS Manager application:

Click the SaaS Manager icon. After a short pause, you should be automatically logged in to SaaS Manager.

Was this article helpful?

0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.