Set up SAML SSO with Google Workspace to streamline authentication for your organization.
In this article
Google IDM lets SchoolDay users access Google Workspace applications through Single Sign-On (SSO) without entering their credentials. It uses the SAML protocol and requires configuration in each Google Workspace to be activated.
To configure SAML SSO in Google Workspace, first set up a SAML profile in AppStore, then assign it to the desired Organizational Units (OUs) and share the entity ID and ACS URL with SchoolDay.
Requirements
- Super Admin Google Workspace access.
- Download the signed certificate. Google requires it in PEM format.
Set up SAML Profile
- Sign in to the Google Admin console as an administrator.
- Go to Security > Authentication > SSO with third-party IdP.
- Click Add SAML profile.
- Under the Third-party SSO profiles, enter AppStore SAML metadata.
- SSO Profile Name: sso.gg4l.com
- IDP entity ID: https://sso.gg4l.com/idp
- Sign-in page URL: https://sso.gg 4l.com/saml2/Redirect/SSO
- Sign-out page URL: https://sso.gg4l.com/auth/logout
- Click Upload Certificate, then import the AppStore SAML certificate into the SAML profile.
- Click Save.
Assign SAML Profile to OUs
- Under the Manage SSO profile assignments section, click Manage.
- Select Another SSO Profile and choose your AppStore SAML profile.
- Choose the option Have Google prompt for their username, then redirect them to this profile's IDP sign-in page.
- Click Save.
Share Entity ID and ACS URL with SchoolDay team
- Navigate to Security > Authentication > SSO with third party IdP.
- Open your SAML Profile.
- Find and copy values for Entity ID and ACS URL.
- Provide these values to the SchoolDay team at support@schoolday.com.