SAML integration to Google Workspace SAML integration to Google Workspace

SAML integration to Google Workspace

SAML is an XML-based open-standard for transferring identity data between two parties. Using SAML we can integrate Blinq with Google Workspace in order to create a custom SAML Application.

 

Note

Blinq only supports Identity Provider initiated SSO at the moment. We will be adding support for Service Provider initiated SSO in the near future which will enable your organisation to log into Blinq using SAML-based SSO.

 

Setup

Creating a SAML application in Google Workspace

  1. Navigate to https://admin.google.com and log in
  2. Hover over the left side of the screen to view the navigation bar, then click Apps > Web and mobile apps
  3. Click Add App and in the dropdown select Add custom SAML app
  4. Enter App name and Description
  5. Click Continue

 

mceclip0.png
Step 3

 

mceclip1.png
Step 4

 

You will see two options, we are using Option 2: Copy the SSO URL, entity ID, and certificate. You will need to give these details to Blinq so let's open up the Blinq Dashboard before proceeding.

  1. Navigate to https://dash.blinq.app in a new tab
  2. If you aren't logged in to Blinq you will need to do so
  3. Click on your workspace in the top left of the screen
  4. In the dropdown click Settings
  5. Under the Integrations page you should see SAML Configuration settings which contains two sections - the Identity Provider Settings and Service Provider Settings. Click on Identity Provider Settings - you should see three inputs where you can enter in those details from Google
  6. Navigate back to Google Workspace and copy each detail, pasting them into the corresponding input in Blinq
  7. Once you have pasted all the details into Blinq click Save
  8. Now click the Service Provider Settings section - you should see two pieces of information, the Service Provider Entity ID and the ACS URL. We need to give this information back to Google.
  9. Copy the Service Provider Entity ID and navigate back to Google Workspace
  10. Click Continue
  11. Google should now ask you for Entity ID and ACS URL - paste in those details from Blinq
  12. Select the Name ID Format dropdown and then select Email
  13. Click Continue
  14. We don't need to add any attribute mappings, you can leave the default settings and click Finish
mceclip2.png
Step 12

 

We now need to enable the Blinq app in Google Workspace.
  1. Click the User access section in your Blinq app on Google Workspace
  2. To turn on or off a service for everyone in your organization, click ON for everyone or OFF for everyone, and then click Save

 

mceclip3.png
Step 1

 

mceclip4.png
Step 2

 

Verify that the application in Google Workspace can login via SAML

  1. Make sure you are in your Blinq application in Google Workspace, and then click TEST SAML LOGIN
  2. A new tab should open that asks you to login via Google. If it doesn’t, use the information in the resulting SAML error messages to update your IdP and SP settings as needed, then retest SAML login.
  3. Login using an email address that matches your Google Domain, i.e. if your google domain was blinq.me than you would have to login with an email that ended with @blinq.me
  4. After logging in if you see a JSON format data with your personal information, it means that you have set up SSO successfully.

 

mceclip1.png
Step 1