SAML setup for Gsuite

Updated 1 week ago by Andrew White

For best practices and tips for using SAML with Spoke, check out our SAML overview article.

Spoke's SAML integration relies on a user level token. To insure consistent delivery of SAML services, Spoke best practices recommend using an admin service account such as IT@yourcompany.com to complete this integration.

Set up Google as a SAML provider

Log into your GSuite admin console (admin.google.com) and navigate to "Apps > SAML Apps."

  1. Select the yellow "+" button at the bottom right corner of the page.
  2. Find and select Spoke from the application list.
  3. On the Google IDP Information page. Save the "SSO URL" and download the certificate.
  4. Click "Next" - The Basic information window will show the application name and description seen by users.
  5. Click "Next"
  6. On the Service Provider Details page, edit the ACS URL value. Replace {your-domain} with your Spoke Org ID.
  7. On the Attribute Mapping page, set Select category and Select user field values as follows for the listed attributes:

Once these attributes have been entered, select Save.

Spoke Configuration

Log into Spoke and navigate to the Integrations menu.

  1. Navigate to Settings
  2. Select the Integrations Menu
  3. Find the SAML tile and choose Connect

Copy the following fields from your Gsuite setup page into the Spoke Settings/SAML Page.

  1. SSO URL
  2. Issuer
  3. Public certificate
  4. Press Test SAML connection

Once the test is completed, you can push Enable SAML

Enable Spoke in Gsuite

Next, navigate to the Gsuite Admin console:

  1. From the Admin console Home page, go to Apps > SAML Apps. To see Apps on the Home page, you might have to click More controls at the bottom. 
  2. Select Spoke.
  3. In the top right of the grey box, select "Edit Service"
  4. To apply settings to all organizations, select "On for everyone" then click "Save"


How did we do?


Powered by HelpDocs