Overview
This article describes integrating Suite with Google acting as the identity provider via SAML 2.0. By the end of the article, your team members will be able to authenticate against Google to log in to Suite.
Creating a Suite Application Within Google
Step 1: Sign in to the Google admin portal
Step 2: Navigate to the Apps > Web and mobile apps page
Step 3: Click "Add app" and then "Add custom SAML app"
Step 4: Enter the "App name" and, optionally, add the Suite logo to the app in Google
Step 5: Download the IdP Metadata and keep it handy (you will need this in a later step)
Step 6: Locate the "Single sign-on URL" and the "Audience URI" provided by a Suite team member. You'll need these in the next step.
Step 7: Match your SAML settings to the image below or reference the corresponding table:
Field | Value |
ACS URL | Copy and paste the Single sign-on URL here |
Entity ID | Copy and paste the Audience URI here |
Start URL | Leave this field blank |
Name ID format | UNSPECIFIED |
Name ID | Basic Information > Primary email |
Step 8: Map the following attributes to the corresponding value. Pay close attention as this is case-sensitive.
Google Directory attributes (⚠️ case sensitive ⚠️) | App attributes |
First name | firstName |
Last name | lastName |
Primary email |
Step 9: Pick a team ID for your account
When your team members sign in using SSO on Suite, they'll need to provide a team ID. This ID cannot include whitespace and cannot start or end with an underscore.
💡 We recommend keeping this simple and readable. For example, if your company's name was Flower Productions, you could choose "flowerproductions".
Step 10: Email a Suite team member the Metadata file that you downloaded in Step 5 as well as your chosen team ID.
A Suite administrator will complete the integration and notify you as soon as it is ready!