How do you enable SAML Authentication for, within Google Workspace?

Security Assertion Markup Language (SAML) is an XML standard that allows secure web domains to exchange user authentication and authorization data. Using SAML, you can contact a separate online identity provider to authenticate users who are trying to access secure content.

Here’s a walk-through of setting up Google Workspace as your SAML Identity Provider for

Note: Super Users can only configure the SAML Authentication within Google Workspace

Step 1:

Navigate to your Google Workspace admin page and select Apps→ Overview → Web and mobile apps


Step 2:

Click on the “Web & Mobile Apps” and click on Add App→ Add custom SAMP App.


Step 3:

Adding a custom SAML app involves various steps, you will need to update the following details as seen in the below screenshot.

  • App details
  • Google Identity Provider details
  • Service Providers details
  • Attribute mapping

You can define “Profit OKRs” as the Application Name. Grab the logo from here and upload it to Google.


Step 4:

Update the service provider details as shown in the table.

Fields Values
ACS URL It will be provided by team
Entity ID urn:profit-prod:profit-prod-sso-auth
Name ID Basic Information / Primary Email
Name ID Format ENTITY

Copy & Paste the URL in the Start URL field

saml-sso-url rest-vm


Step 5:

Define the attribute mapping as follows:

  • Type “Email Address” in the first field
  • Select “Basic Information” in the second field
  • Select “Primary Email” in the third field


Finally click on Finish to enable SAML Authentication.

Step 6:

The SAML App will be authenticated now for By default the access will be on for everyone.


Click on Google Applications to see the application.


It will be redirected to your default landing page in