Aller au contenu principal
Zenovaydocs
4 min de lecture

Google Workspace SSO Setup

This guide walks you through configuring Google Workspace as your identity provider for Zenovay Single Sign-On using SAML 2.0.

SSO requires a Scale or Enterprise plan and Owner or Admin permissions in Zenovay, plus Super Admin access to Google Workspace.

Google Workspace supports SAML 2.0 for custom applications. For organizations that prefer OpenID Connect, consider using a third-party IdP like Auth0 or Okta with Google as a social connection.

Step 1: Add a Custom SAML App in Google Admin

  1. Sign in to the Google Admin Console
  2. Go to Apps > Web and mobile apps
  3. Click Add app > Add custom SAML app
  4. Enter an App name (e.g., "Zenovay") and optionally upload a logo
  5. Click Continue

Step 2: Download Google IdP Information

On the Google Identity Provider details page:

  1. Copy the SSO URL — you will need this for Zenovay
  2. Copy the Entity ID — you will need this for Zenovay
  3. Click Download Certificate to download the X.509 certificate
  4. Click Continue

Save these three values carefully. You will enter them in Zenovay in Step 4.

Step 3: Configure Service Provider Details

On the Service provider details page, enter:

Google Admin FieldValue
ACS URLhttps://auth.zenovay.com/api/sso/saml/callback
Entity IDhttps://auth.zenovay.com
Name ID formatEMAIL
Name IDBasic Information > Primary email

Leave Start URL empty. Click Continue.

Step 4: Configure Attribute Mapping (Optional)

Map Google directory attributes to Zenovay:

Google Directory AttributeApp Attribute
First namefirstName
Last namelastName

Click Finish.

Step 5: Enable the App for Users

By default, the app is OFF for everyone. To enable it:

  1. On the app details page, click User access
  2. Select ON for everyone to enable for all users in your organization
  3. Or click on specific organizational units to enable for selected groups
  4. Click Save

Changes may take up to 24 hours to propagate to all users in Google Workspace.

Step 6: Configure Zenovay

  1. In Zenovay, go to Settings > Authentication > SSO
  2. Click Add SSO Provider
  3. Select SAML 2.0
  4. Enter:
    • Name: e.g., "Google Workspace"
    • Entity ID: the Entity ID copied from Step 2
    • SSO URL: the SSO URL copied from Step 2
    • Certificate: open the downloaded certificate file in a text editor and paste its contents
  5. Click Save
  6. Add and verify your email domain

Step 7: Test the Connection

  1. Open an incognito window
  2. Go to auth.zenovay.com
  3. Enter a Google Workspace email from your verified domain
  4. You should be redirected to Google sign-in
  5. Sign in with your Google Workspace credentials
  6. You should be redirected back to the Zenovay dashboard

Step 8: Enforce SSO (Optional)

Once testing is successful:

  1. In Zenovay, go to Settings > Authentication > SSO
  2. Toggle Enforce SSO to on

Troubleshooting

  • App not visible to users: Check that the app is turned ON in User access and that changes have propagated (up to 24 hours)
  • 403 error from Google: The user is not assigned to the app. Enable the app for their organizational unit
  • Entity ID mismatch: Verify the Entity ID in Google Admin is exactly https://auth.zenovay.com
  • Certificate issues: Open the .pem file in a text editor and paste the full contents including the BEGIN and END lines

For more help, see the SSO Troubleshooting Guide.

Cette page vous a-t-elle été utile ?