Configure SAML-based SSO using G-Suite
Overview
Get started with simplified user logins by setting up single sign-on (SSO) with G-Suite for your site. After you set up SSO, your users can sign in to the mobile app by using their G-Suite credentials.
Set up a new SAML app
- Sign in to your Google Admin console.
- From the Admin console home page, go to Apps > Web and mobile apps.
- Click Add App > Add custom SAML app.
- On the App details page:
  - Enter the name of the custom app.
  - The icon is optional.
- Click Continue.
- On the Google Identity Provider details page, copy the SSO URL and Entity ID, and download the Certificate.
- Click Continue.
- On the Service provider details page:
  - Enter the ACS URL: https://sia-sso.azurewebsites.net/Saml2/Acs
  - Enter the Entity ID: https://sia-sso.azurewebsites.net/Saml2
  - Set Name ID format to EMAIL
  - Set Name ID to Basic Information > Primary Email
- Click Continue.
- On the Attribute mapping page add the following mappings:
  - First Name -> FirstName
  - Last Name -> LastName
  - (Optional) Cost Center -> Role
    - Depending on which Employee detail field you would like to use to determine the user’s role, replace Cost center with Department or Title.
    - The App attribute’s name must remain “Role” in all cases.
    - We will use the value of this attribute to map users to roles in our system.
- Click Finish.
Turn on your SAML app
- Go to Apps > Web and mobile apps.
- Select your app.
- Click User access.
- To turn on for everyone in your organization, click On for everyone and then click Save.
- (Optional) If you only want to turn on the app for a set of users or organizational units, please follow the "Turn on your SAML app" section of the official guide.
Please send the SSO URL, Entity ID and the Certificate to deployment@esv2go.com (for new apps) and content@esv2go.com (for existing apps) with subject "SSO - G-Suite", along with the desired default role and an optional role mapping. Please list the possible values of the “Role” attribute and the role each should translate to in our system. The default role will be assigned to all users we are unable to map.
Example setup information:
- SSO URL: https://accounts.google.com/o/saml2/idp?idpid=C00mnztyz
- Entity ID: https://accounts.google.com/o/saml2?idpid=C00mnztyz
- Certificate: your_cert.pem (attached)
- Default role: Other
- (Optional) Role mapping:
  - Your role 1 -> Administrator (this is the role it will be mapped to in our system)
  - Your role 2 -> Student
Our team will let you know once everything is configured on our end.
Troubleshooting common issues
Error: app_not_configured_for_user
This error is generated by Google and means that the user you tried logging in with does not have access to the SAML app in G-Suite.
Please review the steps in the "Turn on your SAML app" section to make sure that you have set up user access correctly.
If everything seems to be set up correctly, try turning access Off for everyone, then turning it back On after a minute, and see if that solves the issue.