Google Workspaces

This page outlines the instructions for configuring Google Workspaces as your identity provider for SSO in BirdCRM using SAML.

You first start by configuring specific steps in Google Workspaces and then following on with the steps required in BirdCRM before finalising your Google Workspaces configuration.

Step one: Initial setup in Google Workspaces

1. Within Google Workspaces Admin, navigate to Web and mobile apps which is under the Apps menu item on the left menu bar. Click on Add app and select Add custom SAML app.

2. Fill out an App name, Description and logo and click on Continue.

3. Select Download IdP metadata to download the metadata file and click Continue. A file will be downloaded that will be needed to upload into BirdCRM in a later step so make sure you take a note of where it is located.

4. Now you need to continue the configuration in BirdCRM in order to retrieve the values Google Workspaces requires to complete the configuration.

Step two: Set up in Bird

1. Navigate to the SSO setup page which is available here or by clicking on your Avatar in the bottom left, selecting Settings and clicking on the Security tab.

2. Click on Set Up SSO and select SAML

3. Fill out a Name which will be seen and selected by users when they login via app.bird.com.

4. Select File for the SAML Metadata and click Click to upload. Navigate to the Google Workspace IdP Metadata file you downloaded earlier and select it. The file is normally named GoogleIDPMetadata.xml. Click Confirm.

Step three: Add more domains

The next steps are to add one or more domains that you can login with and also retrieve the required values to complete the Google Workspace settings. The order is not important but these instructions will perform the domain validation first and then retrieve the values to use in Google Workspaces.

1. To start with, select your SSO integration and click on View.

6. Now we will validate your domain(s) that you will login from Google Workspaces with. First click on the Domain Validation button available when viewing your SSO integration.

7. Enter your company domain name that you login with (e.g. companyname.com) and click Create.

8. You will then be presented with a unique string under the Challenge column that needs to be placed as a TXT record in your domain. If you are unsure how to add a TXT record please consult with your DNS provider.

9. Once you have added the TXT record to verify your domain, you can select Verify.

10. If the TXT record was added correctly it will then show the status of Verified.

11. Now we can get the final details to complete the Google Workspaces configuration. Click on Details in the SSO configuration.

12. From this screen you will need to take a copy of the Single Sign On URL and the Audience URI fields which will be used to complete your Google Workspaces configuration.

Step four: Set up in Google Workspaces

1. Continuing where you left off in your Google Workspaces SAML application setup you can now complete the Service Provider details screen.

2. The ACS URL needs to contain the value you copied from the Single Sign On URL field in Bird in Step 12.

3. The Entity ID needs to contain the value you copied from the Audience URI field in Bird in Step 12.

4. The Name ID Format needs to be PERSISTENT and the Name ID should be Basic Information -> Primary Email as shown below.

5. Click Continue.
6. There are two required Attributes to be completed on this screen under Google directory attributes:

   1. Primary email -> email

   2. Last name -> name

7. Once these have been added you can click Finish.