Version: 2.2.1

Authentication in Google Workspace via SAML 2.0

  1. Google Workspace account: A Google Workspace Admin account is required.

  2. Access Admin Console: Log in to Google Admin Console with your account. There you will be able to manage the settings of Google services.

  3. Add users: In Directory > Users, you can add new users or manage existing ones. In this example, we will enter the user's first name on the Google account as an attribute to be sent to SoftExpert Suite (this can be changed), so it is important to ensure that the user's first name is the same as the login of a user registered in SoftExpert Suite.

  4. Create SAML application: In Apps > Web and mobile apps, you can create a new custom SAML app for your SoftExpert Suite. Enter the following settings:

    • ACS URL: https://YOUR_DOMAIN/softexpert/saml
    • Entity ID: https://YOUR_DOMAIN/softexpert/selogin
    • Name ID: Select "Unspecified" as the Name ID format and "Basic Information > First Name" as the Name ID. This will be the attribute sent to SoftExpert Suite (again, this can be changed, but the SoftExpert Suite login information must match this field).

  5. Activate for all users: After the app is created, you will need to activate it for all users. You can do this in the "User access" section within the settings of your SAML application.

  6. Download Google metadata: In Apps > Web and mobile apps > YourAppName, click on "Download metadata".

  7. Set up SoftExpert Suite for single sign-on: In SoftExpert Suite, access the authentication configurations (CM008) and check SAML 2.0 in Authentication options. Then, in Authentication services > SAML 2.0, add a new record:

    • In "Upload Identity Provider configurations", upload the "GoogleIDPMetadata.xml" file downloaded from Google.
    • In "Credential ID #", enter "Login".
    • Insert an expiration date (years) and click on "Renew certificate".
    • Enter an ID # ("Google", for example) and click on "Apply".
    • Still on screen CM008, go to the Directory integration > General options menu and check "Enable integrated authentication for users that are not synchronized".

Save the authentication configurations and log in to the system through single sign-on.
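
A pre-flight check for the mapping set up in steps 3 and 4, added here as an example and not part of SoftExpert's or Google's tooling: it lists first names shared by more than one Google account (each would be sent as the same Name ID) and first names with no matching SoftExpert Suite login. The CSV column names, the sample users and the exact, case-sensitive comparison are assumptions; adapt them to your own user export and login list.

```python
import csv
import io
from collections import defaultdict

# Constructed sample data. Column names are assumptions; adapt them to your export.
GOOGLE_USERS_CSV = """first_name,email
alice,alice@example.com
bob,bob@example.com
bob,bob.smith@example.com
Carol,carol@example.com
dave,dave@example.com
"""
SUITE_LOGINS = {"alice", "bob", "carol"}  # constructed list of SoftExpert Suite logins


def audit_name_id_mapping(google_csv, suite_logins):
    """Report Google accounts whose Name ID (first name) is ambiguous or unmatched."""
    by_name_id = defaultdict(list)
    for row in csv.DictReader(io.StringIO(google_csv)):
        # In this setup the first name is the value sent as Name ID.
        by_name_id[row["first_name"].strip()].append(row["email"].strip())

    lowered = {login.lower(): login for login in suite_logins}
    report = {"collisions": {}, "case_mismatch": {}, "no_login": {}}
    for name_id, emails in sorted(by_name_id.items()):
        if len(emails) > 1:
            # Several Google accounts would assert the same login.
            report["collisions"][name_id] = emails
        if name_id in suite_logins:
            continue
        if name_id.lower() in lowered:
            # Differs from an existing login only by letter case: review manually.
            report["case_mismatch"][name_id] = lowered[name_id.lower()]
        else:
            report["no_login"][name_id] = emails
    return report


if __name__ == "__main__":
    result = audit_name_id_mapping(GOOGLE_USERS_CSV, SUITE_LOGINS)
    for category, items in result.items():
        print(category, items)
```

Any entry under "collisions" means the Name ID attribute should be switched to a unique field (the page notes the attribute can be changed) before the app is activated for all users.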