Google Workspace (SAML2 SSO)

Flexopus provides a standardised SAML2 interface that you can use to connect Google Workspace and configure single sign-on.

Configuration

  1. Open the Google Admin Console and select Apps > Web and Mobile Apps (or use this link).
  2. Click Add App and select Add Custom SAML App from the dropdown.
  3. Enter the App-Details
    App-Name: Flexopus
    Description: Desk Sharing Software
  4. Now select option 1: Download IdP metadata.
  5. Open Flexopus and upload this file. To do this, switch to the admin area and open the tab Authentication in the settings. Add a new provider and choose SAML2. Choose the configuration method 'Metadata-File' and upload the file.
  6. Activate the login and save your changes.
  7. Switch back to the Google Admin Console and configure the required parameters. Note: Replace {your-flexopus-domain} or demo.flexopus.com with your own domain.
  • ACS URL: https://{your-flexopus-domain}/internal-api/auth/integrations/saml2/callback
  • Entity-ID: https://{your-flexopus-domain}/auth/saml2
  • Start-URL: Leave empty.
  • Leave the "Signed response" option deactivated! Google still signs what it sends, but only the assertion, not the whole response. This corresponds to the software standard. Flexopus currently does not support fully signed responses.
  • You can find more information under point 10 of: https://support.google.com/a/answer/6087519?hl=en
  • Name-ID-Format: PERSISTENT
  • Name-ID: Basic Information > Primary email
  • Start-URL: initiate-sp-login
    Google uses the Start URL as the default relay state. This value must be set so that the IdP-initiated login can be converted into an SP-initiated login. With this setting, the login also works when the user clicks on the application from Google (select the app at the top right).

  8. Set the attributes as follows:

Mandatory information:

  • Primary email: http://schemas.xmlsoap.org/claims/EmailAddress
  • Primary email: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn
  • First name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
  • Last name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname

Optional information:

  • Department: department
  • Title: jobtitle

You can leave the group membership blank.

  9. Click Finish.

  10. Test the connection directly in Flexopus by logging in using Google.

The login does not work?

  1. It is possible that Google's settings will not be applied immediately. Wait about 30 to 60 minutes.
  2. Check the settings step by step.
  3. Contact us: support@flexopus.com. Our technical support can also assist you in a video call.  
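
For "Check the settings step by step", the following added example (not Flexopus or Google code) compares a decoded SAML response from your own test login with the values configured in this guide. The function name, the domain desk.example.com and the sample response are constructed for illustration; the check is structural only and verifies no signature.

```python
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
MANDATORY = ["http://schemas.xmlsoap.org/claims/EmailAddress",
             CLAIMS + "upn", CLAIMS + "givenname", CLAIMS + "surname"]
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"

def check_response(xml_text, domain):
    """List mismatches between a decoded SAML response and this guide's settings.
    Structural check only: no signature is verified cryptographically."""
    acs = f"https://{domain}/internal-api/auth/integrations/saml2/callback"
    entity_id = f"https://{domain}/auth/saml2"
    root = ET.fromstring(xml_text)  # parse only responses from your own test login
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return ["no plain Assertion element in the response"]
    problems = []
    if root.find("ds:Signature", NS) is not None:
        problems.append("response is signed as a whole; the guide leaves this off")
    if assertion.find("ds:Signature", NS) is None:
        problems.append("assertion carries no signature")
    conf = assertion.find("a:Subject/a:SubjectConfirmation/a:SubjectConfirmationData", NS)
    if conf is None or conf.get("Recipient") != acs:
        problems.append("Recipient does not match the ACS URL")
    if assertion.findtext("a:Conditions/a:AudienceRestriction/a:Audience", None, NS) != entity_id:
        problems.append("Audience does not match the Entity-ID")
    name_id = assertion.find("a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != PERSISTENT:
        problems.append("NameID format is not PERSISTENT")
    names = {a.get("Name") for a in assertion.iterfind("a:AttributeStatement/a:Attribute", NS)}
    return problems + [f"missing attribute {m}" for m in MANDATORY if m not in names]

# Constructed sample, not a real Google response; signature content is left out.
# It lacks the upn and surname attributes on purpose.
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <a:Assertion><ds:Signature/>
  <a:Subject><a:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">u@example.com</a:NameID>
   <a:SubjectConfirmation><a:SubjectConfirmationData Recipient="https://desk.example.com/internal-api/auth/integrations/saml2/callback"/></a:SubjectConfirmation></a:Subject>
  <a:Conditions><a:AudienceRestriction><a:Audience>https://desk.example.com/auth/saml2</a:Audience></a:AudienceRestriction></a:Conditions>
  <a:AttributeStatement><a:Attribute Name="http://schemas.xmlsoap.org/claims/EmailAddress"/>
   <a:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"/></a:AttributeStatement>
 </a:Assertion></p:Response>"""

if __name__ == "__main__":
    print("\n".join(check_response(SAMPLE, "desk.example.com")) or "matches the guide")
```

An empty result means the response matches the ACS URL, Entity-ID, Name-ID format and mandatory attributes listed above.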
