Google Workspaces
Last updated
Last updated
This page outlines the instructions for configuring Google Workspaces as your identity provider for SSO in BirdCRM using SAML.
You first start by configuring specific steps in Google Workspaces and then following on with the steps required in BirdCRM before finalising your Google Workspaces configuration.
Within Google Workspaces Admin, navigate to Web and mobile apps which is under the Apps menu item on the left menu bar. Click on Add app and select Add custom SAML app.
Fill out an App name, Description and logo and click on Continue.
Select Download IdP metadata to download the metadata file and click Continue. A file will be downloaded that will be needed to upload into BirdCRM in a later step so make sure you take a note of where it is located.
Now you need to continue the configuration in BirdCRM in order to retrieve the values Google Workspaces requires to complete the configuration.
Navigate to the Access Settings page by clicking on your current Workspace name in the top left, then selecting Settings and clicking on the Security tab.
Click on Set Up SSO and select SAML
Fill out a Name which will be seen and selected by users when they login via app.bird.com.
Select File for the SAML Metadata and click Click to upload. Navigate to the Google Workspace IdP Metadata file you downloaded earlier and select it. The file is normally named GoogleIDPMetadata.xml. Click Confirm.
Your SAML integration is now saved.
The next steps are to add one or more domains that you can login with and also retrieve the required values to complete the Google Workspace settings. The order is not important but these instructions will perform the domain validation first and then retrieve the values to use in Google Workspaces.
To start with, select your SSO integration and click on View.
Now we will validate your domain(s) that you will login from Google Workspaces with. First click on the Domain Validation button available when viewing your SSO integration.
Enter your company domain name that you login with (e.g. companyname.com) and click Create.
You will then be presented with a unique string under the Challenge column that needs to be placed as a TXT record in your domain. If you are unsure how to add a TXT record please consult with your DNS provider.
Once you have added the TXT record to verify your domain, you can select Verify.
If the TXT record was added correctly it will then show the status of Verified.
Now we can get the final details to complete the Google Workspaces configuration. Click on Details in the SSO configuration.
From this screen you will need to take a copy of the Single Sign On URL and the Audience URI fields which will be used to complete your Google Workspaces configuration.
Continuing where you left off in your Google Workspaces SAML application setup you can now complete the Service Provider details screen.
The ACS URL needs to contain the value you copied from the Single Sign On URL field in Bird in Step 12.
The Entity ID needs to contain the value you copied from the Audience URI field in Bird in Step 12.
The Name ID Format needs to be PERSISTENT and the Name ID should be Basic Information -> Primary Email as shown below.
Click Continue.
There are two required Attributes to be completed on this screen under Google directory attributes:
Primary email -> email
Last name -> name
Once these have been added you can click Finish.
You have now completed the Google Workspaces SSO setup.
Make sure that you assign the application to your users and groups as required.
