# Google Workspaces

This page outlines the instructions for configuring Google Workspaces as your identity provider for SSO in BirdCRM using SAML. 

You first start by configuring specific steps in Google Workspaces and then following on with the steps required in BirdCRM before finalising your Google Workspaces configuration.

### Step one: Initial setup in Google Workspaces

1. Within [Google Workspaces Admin](https://admin.google.com), navigate to Web and mobile apps which is under the Apps menu item on the left menu bar. Click on **Add app** and select **Add custom SAML app**.

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXewqghhxdcXnHwBCEmFE8q7WNCDAYMZi_3b5zN1pxH9TfEVgUjJs7Aw_gsLqhgPXXEmVx5WHDkZWKboHkicawnaqYigqR2_JM9INojc_WNS0KXzkASqpHFqyQ2R6oFy4NY5VBNWqbTofR1gFlNjlc7sa6Y?key=G4cws1tM_IONCfaBmekmJw" alt=""><figcaption></figcaption></figure>

2. Fill out an **App name**, **Description** and **logo** and click on **Continue**.&#x20;

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXfVli-8_05_D1KAJenDiVF-8zyLS6qnki5v0e6WLM9SwhnqTgTKmilHEXYA4wR5EREH0SB82MMiOQFdyeQpsS6QJgmQStayNQI_YWa2I_tln1B9byL8J6Re93-ZBHmRblZY0gThEPCjFcaIVOSD4eF0AtU?key=G4cws1tM_IONCfaBmekmJw" alt=""><figcaption></figcaption></figure>

3. Select **Download IdP metadata** to download the metadata file and click **Continue**. A file will be downloaded that will be needed to upload into BirdCRM in a later step so make sure you take a note of where it is located.

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXeW43AwQPPd_24_ce0S5B-_-69zKfLr-PhPj8kTC3miNrPFHDTyz1Gl0kDq5WTzoQCwIyEvb5GY_DSLAPKOChdaikf-8jDQwuhTJ1tq-OZ0fVvi9P-ZlCWbKPtaEHoUf5qU9N6ys0aLUYNp9vAmMbJbZas?key=G4cws1tM_IONCfaBmekmJw" alt=""><figcaption></figcaption></figure>

4. Now you need to continue the configuration in BirdCRM in order to retrieve the values Google Workspaces requires to complete the configuration.&#x20;

### Step two: Set up in Bird

1. Navigate to the [Settings](https://app.staging.bird.one/settings/security/access-settings) page by clicking on Settings in the bottom left, then  selecting **Access Management** under the **Organization** tab.

<figure><img src="https://3861485111-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FU9kiDiTGVD8kkbnKKyEn%2Fuploads%2FOTXk5krTJt0LMFbJfcUa%2Fimage.png?alt=media&#x26;token=24aa8c5b-1b28-4e1f-9b77-7d16ec7d9952" alt="" width="210"><figcaption></figcaption></figure>

<figure><img src="https://3861485111-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FU9kiDiTGVD8kkbnKKyEn%2Fuploads%2FGA8nNE8T6BX7h9vnMMWo%2Fimage.png?alt=media&#x26;token=6b60f5a9-a20d-4859-bfaa-e64148b33827" alt=""><figcaption></figcaption></figure>

2. Click on **Set Up SSO** and select **SAML**

<figure><img src="https://3861485111-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FU9kiDiTGVD8kkbnKKyEn%2Fuploads%2FYMMvz4btFwJft71lJtFW%2Fimage.png?alt=media&#x26;token=716f7132-4cb4-4e58-8e75-6e38f45e9f1a" alt="" width="375"><figcaption></figcaption></figure>

3. Fill out a **Name** which will be seen and selected by users when they login via app.bird.com.&#x20;
4. Select **File** for the SAML Metadata and click **Click to upload**. Navigate to the Google Workspace IdP Metadata file you downloaded earlier and select it. The file is normally named `GoogleIDPMetadata.xml`. Click **Confirm**.&#x20;

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXc2gmagfnOnKEwyGC5HfkRqrVKxW6ql52der0SV1ncpe6-Bg1pS-jcm1mbtrcj5jHn5QxMnHrbspZOdSFCCeJww_pOgpK1dz18_ynbPcM2ogPYyW5uuZNgT7azJDlV_GgB-1dfn2vFtwsHCuIphSDOoxEU?key=G4cws1tM_IONCfaBmekmJw" alt="" width="375"><figcaption></figcaption></figure>

{% hint style="success" %}
Your SAML integration is now saved.
{% endhint %}

### Step three: Add one or more domains

The next steps are to add one or more domains that you can login with and also retrieve the required values to complete the Google Workspace settings. The order is not important but these instructions will perform the domain validation first and then retrieve the values to use in Google Workspaces.&#x20;

1. To start with, select your SSO integration and click on **View**.&#x20;

<figure><img src="https://3861485111-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FU9kiDiTGVD8kkbnKKyEn%2Fuploads%2FSgFMnz5l16IHTxzzGUlE%2Fimage.png?alt=media&#x26;token=cf9a40ed-8890-4bb3-8c9d-0ad88b57c56d" alt="" width="375"><figcaption></figcaption></figure>

2. Now we will validate your domain(s) that you will login from Google Workspaces with. First click on the **Domain Validation** button available when viewing your SSO integration.

<figure><img src="https://3861485111-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FU9kiDiTGVD8kkbnKKyEn%2Fuploads%2F9nqiLTg3C7wg5FDazK69%2Fimage.png?alt=media&#x26;token=c86eae5f-4522-4df9-8b79-7e2a9819abf3" alt="" width="455"><figcaption></figcaption></figure>

3. Enter your company domain name that you login with (e.g. companyname.com) and click **Create**.

<figure><img src="https://3861485111-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FU9kiDiTGVD8kkbnKKyEn%2Fuploads%2FQ1uyHhMsVJ8eShLErYuY%2Fimage.png?alt=media&#x26;token=ae4ba988-ab13-441f-b330-7aadcb072ede" alt="" width="496"><figcaption></figcaption></figure>

4. You will then be presented with a unique string under the **Challenge** column that needs to be placed as a TXT record in your domain. If you are unsure how to add a TXT record please consult with your DNS provider.
5. Once you have added the TXT record to verify your domain, you can select **Verify**.
6. If the TXT record was added correctly it will then show the status of **Verified**.&#x20;
7. Now we can get the final details to complete the Google Workspaces configuration. Click on **Details** in the SSO configuration.

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXevXJ2sAEQPC4DIl8PhmgUW3SGkKJP7cU8jebDCn0N1OMNYWqtYhIzfWTcT2C5sUiNCTjsQKeQ1igzdSuAZf_4R7RSEv6LS9Zyacysqio_rw8v9rLRXdCiHU8-n7wLWQ06a0uGttLmB9Ji26OCm4ypWuBA?key=G4cws1tM_IONCfaBmekmJw" alt="" width="375"><figcaption></figcaption></figure>

8. From this screen you will need to take a copy of the **Single Sign On URL** and the **Audience URI** fields which will be used to complete your [Google Workspaces configuration](#step-four-set-up-in-google-workspaces).&#x20;

### Step four: Set up in Google Workspaces

1. Continuing where you left off in your Google Workspaces SAML application setup you can now complete the Service Provider details screen.&#x20;
2. The ACS URL needs to contain the value you copied from the Single Sign On URL field in Bird in Step 12.&#x20;
3. The Entity ID needs to contain the value you copied from the Audience URI field in Bird in Step 12.
4. The Name ID Format needs to be PERSISTENT and the Name ID should be Basic Information -> Primary Email as shown below.&#x20;
5. Click **Continue**. <br>

   <figure><img src="https://3861485111-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FU9kiDiTGVD8kkbnKKyEn%2Fuploads%2FPae9IVvaoHzlg2itDxcT%2Fimage.png?alt=media&#x26;token=5ecec1c0-096c-470b-b9c6-f97ff3e90fe1" alt=""><figcaption></figcaption></figure>
6. There are two required Attributes to be completed on this screen under Google directory attributes:
   1. Primary email -> email
   2. Last name -> name
7. Once these have been added you can click **Finish**. <br>

   <figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXd430bpJ88X1FE3ntBdsx2YKHaF_guwoeFwll7ZnuPoIGZzi-F0HJegxhIYog187tcGjsiE_m_KK2j0VY8BjdYNX7yCHwb-bZcVeGrnI5OrMQk-HM96d7sBCrT8IRJxZyRJEEbpJfP1V_xUtsFANJl-DgM?key=G4cws1tM_IONCfaBmekmJw" alt=""><figcaption></figcaption></figure>

{% hint style="success" %}
You have now completed the Google Workspaces SSO setup.&#x20;
{% endhint %}

{% hint style="info" %}
Make sure that you assign the application to your users and groups as required.
{% endhint %}