Setup Google Workspace SSO

This guide walks through configuring Google Workspace as a SAML identity provider for Firetiger. You will create a custom SAML app in the Google Admin Console and provide the resulting configuration to Firetiger.

Prerequisites

  • Google Workspace admin access
  • Firetiger deployment with SSO enabled

Step 1: Create a Custom SAML App

  1. Sign in to the Google Admin Console
  2. In the left sidebar, go to Apps > Web and mobile apps
  3. Click Add app > Add custom SAML app
  4. Enter an App name (e.g., “Firetiger”) and optionally upload an icon
  5. Click Continue

Step 2: Download Identity Provider Metadata

On the Google Identity Provider details screen:

  1. Click Download Metadata to download the IdP metadata XML file
  2. Save this file – you will provide it to Firetiger in a later step
  3. Click Continue

Alternatively, you can manually copy the SSO URL, Entity ID, and Certificate values from this screen.

Step 3: Configure Service Provider Details

Enter the values provided by Firetiger:

Field Value
ACS URL Provided by Firetiger
Entity ID Provided by Firetiger

Under Name ID:

  1. Set the Name ID format to EMAIL
  2. Set the Name ID to Basic Information > Primary email

Click Continue.

Step 4: Configure Attribute Mapping

In the Attributes section, click Add mapping to create the following mappings:

Google Directory Attribute App Attribute
Primary email mail
First name firstName
Last name lastName

Click Finish.

Step 5: Enable the App for Users

After creating the app, you will be on the app detail page:

  1. In the User access section, click OFF for everyone
  2. On the Service status page, select ON for everyone (or select specific organizational units)
  3. Click Save

Changes may take up to 24 hours to propagate, though they typically apply within a few minutes.

Step 6: Provide Configuration to Firetiger

Send the following to Firetiger to complete the setup:

  • The IdP metadata XML file downloaded in Step 2, or the individual SSO URL, Entity ID, and Certificate values

Once Firetiger configures the connection, users in your Google Workspace organization will be able to sign in via SSO.

This site uses Just the Docs, a documentation theme for Jekyll.