SAML2.0: How to connect to Google Workspace

Activate SSO and automatic user provisioning via the Google Workspace (formerly GSuite) SAML2.0 identity provider.

Connect to Google Workspace via SAML2.0

Step 1. Create SAML App in Google Admin

Login to your Google Workspace administrator account and navigate to Apps → SAML Apps. Create a new App.
At Step 1 choose Setup My Own Custom App at the bottom of the dialog.
g1

Step 2 of the dialog will display the Identity’s Provider info

Step 2. Configure the SAML Connection in YAROOMS
Inside a new browser tab, login as an administrator to your YAROOMS domain. Navigate to SettingsIntegrations → SAML 2.0 Authentication and start the integration process. In the Connection tab, fill in the form as follows:
  •  Identity Provider: Type Google SAML (this is a label, any value is accepted, it will appear on the login page as "Authenticate with Google SAML")
  •  Issuer URL: Copy and paste the value for Entity ID from Google IdP Information.
  •  SAML Endpoint: Copy and paste the value for SSO Url from Google IdP Information - or type a placeholder URL (this link is temporary, it will be changed later)
  •  X.509 Certificate: Download the certificate from the Google IdP Information dialog. Open the .pem file with a text editor and copy its contents to the YAROOMS Connection form. 
g2-1
  •  Name ID Format: choose emailAddress as value.
  •  Attributes Mapping:
g3
  •  Map First Name to FirstName
  •  Map Last Name to LastName
Save options and navigate to User options tab. Set default group and location for the new users, created with data from the Identity Provider.
g4
Save User options and navigate to Application details tab. The values present in this tab will be used in the next step. Please note these are placeholders and actual URLs will be dependant on your YAROOMS account.
g5

Step 3. Fill Service Provider Details in the Google App

Back to the Google App, the dialog should now be in step 4. Fill in the fields as follows:
  •  ACS URL: Paste the value from the ACS (Consumer) URL field from YAROOMS Application details.
  •  Entity ID: Paste the URL of your YAROOMS domain. Eg: https://your_domain.yarooms.com/
  •  Name ID: Basic Information, Primary Email
  •  Name ID Format: EMAIL
Save and move to Attribute Mapping.

Step 4. Map Attributes in the Google App

Define the next value set for mapped attributes:
  •  FirstName - Basic Information - First Name
  •  LastName - Basic Information - Last Name
g6
Save the Application.
In Google Admin, navigate to Apps → SAML Apps. Turn the App on and configure the user settings accordingly.
g7

Step 5. Fix the SAML Endpoint in YAROOMS Connection Settings

To get the valid SAML Endpoint for the newly created Google SAML App, go to Google Admin. Open the Google App menu and look for the YAROOMS SAML application previously created.
g8
Right click (or Control-click on Mac) and select Copy Link Address. Go to YAROOMS Connection tab and paste the link in the SAML Endpoint field. It should look like https://accounts.google.com/o/saml2/initsso?idpid=C012abcde&spid=123456789012&forceauthn=false
Save Connection settings. Go to Application details tab and activate YAROOMS SAML 2.0 Integration.

Note: Proper user provisioning and assignment in Google Workspace are not topics covered by this tutorial which assumes you already know how to configure Google Workspace options that are specific to how your organisation sets up its users. The assignment of access for users to the newly configured YAROOMS app is one of these topics.