Introduction
Enable Single Sign-On from your Google Workspace to your Canary Console with these steps.
Step 1: Create a support request to enable SAML
Drop us a note at support@canary.tools to enable SAML and we’ll get your Console ready.
We'll enable SAML support on your Console which will generate the parameters you need.
Step 2: Log in to your Canary Console and copy the SAML parameters
Log into your Console, click the white Gear Icon on the top right hand side of your screen, select "Global Settings" and scroll down to the SAML section at the bottom of the page. You will find the info for your Console (pictured below) that you'll need for Step 7 of the process:
Step 3: Configure "Web and mobile apps" on your Google Workspace Admin Console
Go to the left pain and select Web and mobile apps.
Step 4: Add custom SAML app
Select the "Add app" drop down button and hit the "Add custom SAML app" option.
Step 5: Configure App details
On the App Details page enter the name of application, and optionally include a description and app icon. Once completed, click the continue button.
Step 6: Download IdP metadata
On the Google Identity Provider details page, download the IdP metadata and save for later. Progress through the wizard by clicking the continue button.
Step 7: Enter SAML details
On the Service provider details page, enter the:
- ACS URL from the "ACS (Login URL)" parameter from Step 2.
- Entity ID from the "Service Provider ID" parameter from Step2.
Additionally, set the "Name ID format" to EMAIL and leave the "Name ID" as Basic Information > Primary email. Progress through the wizard by clicking the continue button.
Step 8: Assign Users/Groups
On the Attribute mapping page, optionally include a pre-configured user group to gain access to the application. Click on the Finish button.
If a pre-configured group was not assigned to the application, select your application and modify the User access accordingly.
Depending on your requirement, permit all users, specific groups or organisational groups access to the application. Click on the "save" button.
Your Google Workspace configuration is done!
Step 9: Send us the SAML Metadata and your Service Provider ID (SP ID)
Send the SAML metadata file from Step 6 to us in your support ticket. Also include your Service Provider ID within the ticket. You can find the SP ID by selecting your application and noting the number in the url. For example:
- https://admin.google.com/ac/apps/saml/759992482078
We will configure your Console with the IdP metadata and confirm when SAML support is fully set up.
Step 10: Test login from both the Console and Google Workspaces
You'll know it's working when you see your Console Login page show a "Login with SSO" button: