Configure Google Workspace as the Identity Provider (IdP)
This guide provides step-by-step instructions for configuring SAML Single Sign-On (SSO) between Google Workspace (as the Identity Provider) and vFairs (as the Service Provider). The document is designed for administrators and technical personnel responsible for setting up and managing SSO integrations.
Key Objectives:
- Enable SAML SSO: Configure Google Workspace as the Identity Provider (IdP) and vFairs as the Service Provider (SP).
- Attribute Mapping: Map user attributes (e.g., email, first name, last name) between Google Workspace and vFairs.
- Mobile SSO Setup: Configure SSO for the vFairs mobile app using a unique SSO code.
- Testing and Debugging: Validate the SSO setup and troubleshoot common issues.
Process:
Step 1
- Access the Google Admin Console by signing in with your administrator account at admin.google.com.
- Navigate to Apps > Web and mobile apps.
- Create a Custom SAML Application
Click Add App > Add custom SAML app.
Enter App name (e.g., "vFairs") and optionally upload a logo. Click Continue.Select "Add App" then "Add custom SAML app."
- Input app name (e.g., "vFairs") and optionally upload a logo.
- Click "Continue."
Configure Google IdP Settings
- Download Google IdP Metadata (optional): Note the SSO URL, Entity ID, and Certificate provided by Google. These will be needed for vFairs configuration.
- Service Provider Details (from vFairs):
- ACS URL: Provided by vFairs (e.g., https://[yourdomain].vfairs.com/saml/acs).
- Entity ID: Metadata Data url from vFairs
- Name ID Format: Always EMAIL. Confirm with vFairs.
- Name ID: Map to Basic Information > Primary Email.
Attribute Mapping (Google → vFairs)
- Add the following SAML attributes in Google Admin:
|
Google Directory Attribute |
SAML Attribute Name |
|
Primary Email |
|
|
First Name |
firstName |
|
Last Name |
lastName |
After Completion of this download metadata file from GWS and share that with the vFairs team or one can set up the SSO itself at the backend settings of SSO ..
Step 2
Input the values here for the backend settings SSO section.
The SSO code for mobile app SSO login is the Organization Name or a numeric code. For example, the SSO code for the organization could be "whogivesacrap" or any other code as suggested by the user.
Why is a Code needed?
Since vFairs is a SaaS app, a code must be set up once a user signs in with SSO. This allows the system to recognize that the user is accessing the mobile app for this event.
For mobile:
https://youreventurl/en/mobile_sso?redirect_to=youreventSSOURL
example
https://abc.vfairs.com/en/mobile_sso?redirect_to=https://abc.vfairs.com/en/mobile_sso
Enable Debugging
Turning on this option will display the SAML assertion response on your screen after IdP credential verification. This can help you evaluate and finalize your SSO configurations. Click on the dev/?sso URL below for further assistance.
Once SSO configurations are updated, your event SSO URL will be accessible for testing: https://youreventurl/vfair/saml/event/dev/?sso
Example Login URL: https://event.vfairs.com/vfair/saml/event/dev/?sso
Troubleshooting
- Mismatched URLs: Ensure ACS URL and Entity ID match exactly between Google and vFairs.
- Certificate Errors: Verify the uploaded certificate is unexpired and correctly formatted.
- Attribute Mismatches: Confirm SAML attributes (e.g., email) are mapped correctly.
If you have any additional questions or need further assistance, please don't hesitate to reach out to our integration team at Email