Setting up SSO with Google Workspace

Create SAML app

1. Open the Google Workspace Admin Console at admin.google.com.

2. On the left menu, click Show more and navigate to Apps > Web and mobile apps.

3. Click Add app and select Add custom SAML app.

   

4. Enter the following data.

   Field	Content
   App name	freispace
   App icon	Upload this file: freispace-icon.png

5. Click CONTINUE.

Get Google's settings

1. On freispace, start by clicking Add tenant and entering a name for this connection, i.e. Google.

2. Then, copy the provided data from Google into freispace.

   freispace name	Google name	Example data
   Login URL (SSO endpoint)	SSO URL	https://accounts.google.com/o/saml2/idp?idpid=xxxxx
   IdP Issuer ID	Entity ID	https://accounts.google.com/o/saml2?idpid=xxxxxx
   IdP X.509 Certificate	Certificate	-----BEGIN CERTIFICATE----- xxxxxxxxxx -----END CERTIFICATE-----

   

3. Additionally, enter the following data.

   freispace field name	Data
   Namespace definition for given names	http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
   Namespace definition for surnames	http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname

4. Click CONTINUE on the Google setup page.

5. Click Save settings on freispace.

Set settings on Google

After saving the settings on freispace, you will now see two fields: Reply URL and Identifier. Google needs to know about these settings.

1. Copy over the settings from freispace into Google.

   freispace	Google	Example data
   Reply URL	ACS URL	https://api.app.freispace.com/api/v1/saml2/xxx/acs
   Identifier (Entity ID)	Entity ID	https://api.app.freispace.com/api/v1/saml2/xxx/metadata
   Team Login URL	Start URL	https://app.freispace.com/login/xxx

2. Ensure that Signed response is not checked.

3. Additionally, set Name ID to Basic Information > Primary email. (Leave Name ID format as UNSPECIFIED.)

   

4. Click CONTINUE on the Google setup page.

Attribute mapping

In order for freispace to automatically import your users' names, you will need to map attributes as described.

1. Click ADD MAPPING twice and add the following mappings.

   Google Directory attributes	App attributes
   First name	http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
   Last name	http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname

   

2. Click FINISH.

Activating the SAML app

1. On freispace, click Activate.

2. On Google Workspace, click the tile User access.

   

3. Set Service Status to ON for everyone and confirm with SAVE.

Done! 🎉

freispace should now appear as an app in the App drawer.