SAML setup for Gsuite

Updated 2 weeks ago by Andrew White

For best practices and tips for using SAML with Spoke, check out our SAML overview article.

Set up Google as a SAML provider

Log into your GSuite admin console (admin.google.com) and navigate to "Apps > SAML Apps."

  1. Select the yellow "+" button at the bottom right corner of the page.
  2. Find and select Spoke from the application list.
  3. On the Google IDP Information page. Save the "SSO URL" and download the certificate.
  4. Click "Next" - The Basic information window will show the application name and description seen by users.
  5. Click "Next"
  6. On the Service Provider Details page, edit the ACS URL value. Replace {your-domain} with your Spoke Org ID.
  7. On the Attribute Mapping page, set Select category and Select user field values as follows for the listed attributes:

Once these attributes have been entered, select Save.

Set up Spoke as a SAML 2.0 Service provider

Open a new tab, and using Admin credentials, log into your Spoke web app.

  1. Navigate to "Settings"
  2. Select "SAML"
  3. Paste the "SSO URL" from GSuite into the "Sign on URL" field in Spoke.
  4. Paste the "Entity ID" from GSuite into the "Issuer" field in Spoke.
  5. Paste the certificate into the "Public certificate" field in Spoke.
  6. When you are finished, Select "Save."

Enable Spoke in Gsuite

Next, navigate to the Gsuite Admin console:

  1. From the Admin console Home page, go to Apps > SAML Apps. To see Apps on the Home page, you might have to click More controls at the bottom. 
  2. Select Spoke.
  3. In the top right of the grey box, select "Edit Service"
  4. To apply settings to all organizations, select "On for everyone" then click "Save"


How did we do?