> ## Documentation Index
> Fetch the complete documentation index at: https://docs.datazone.co/llms.txt
> Use this file to discover all available pages before exploring further.

# Google Workspace SAML Setup

> Configure SAML authentication with Google Workspace

<Frame>
  <img src="https://mintcdn.com/datazone/ptc71kGNJucfPZhv/images/google-workspace-logo.jpg?fit=max&auto=format&n=ptc71kGNJucfPZhv&q=85&s=630a30bd696983df52e3f37c4bbef1b2" alt="Google Workspace" width="1280" height="720" data-path="images/google-workspace-logo.jpg" />
</Frame>

## Prerequisites

* Administrator access to your Google Workspace account
* Your Datazone instance domain (e.g., `app.datazone.co`)

## Configuration Steps

### 1. Access Web and Mobile Apps

In your [Google Admin Console](https://admin.google.com/ac/apps/unified), navigate to **Apps** > **Web and mobile apps** from the left sidebar menu.

<Frame>
  <img src="https://mintcdn.com/datazone/ptc71kGNJucfPZhv/images/light/saml-auth/saml-google-1.png?fit=max&auto=format&n=ptc71kGNJucfPZhv&q=85&s=cbe650a424779de14db596f3faf5e712" alt="saml-google-1" width="3024" height="1722" data-path="images/light/saml-auth/saml-google-1.png" />
</Frame>

### 2. Add Custom SAML App

Click **Add app** and select **Add custom SAML app** from the dropdown menu.

<Frame>
  <img src="https://mintcdn.com/datazone/ptc71kGNJucfPZhv/images/light/saml-auth/saml-google-2.png?fit=max&auto=format&n=ptc71kGNJucfPZhv&q=85&s=5712b0cb0cd9173c208566d2210ee483" alt="saml-google-2" width="3024" height="1726" data-path="images/light/saml-auth/saml-google-2.png" />
</Frame>

### 3. Configure App Details

Provide a name for the application (e.g., "Datazone SSO"). You can optionally add an icon for the application.

<Frame>
  <img src="https://mintcdn.com/datazone/ptc71kGNJucfPZhv/images/light/saml-auth/saml-google-3.png?fit=max&auto=format&n=ptc71kGNJucfPZhv&q=85&s=85686a9ddbb1466dbf20d330871773db" alt="saml-google-3" width="3024" height="1724" data-path="images/light/saml-auth/saml-google-3.png" />
</Frame>

### 4. Collect Google Identity Provider Details

Google will display the following configuration details that you'll need for Datazone:

* **SSO URL**: Identity Provider Single Sign-On URL
* **Entity ID**: Identity Provider Issuer
* **Certificate**: Download the certificate (PEM format)

<Warning>
  Make sure to save these details securely. You'll need them to configure SAML
  in Datazone.
</Warning>

<Frame>
  <img src="https://mintcdn.com/datazone/ptc71kGNJucfPZhv/images/light/saml-auth/saml-google-4.png?fit=max&auto=format&n=ptc71kGNJucfPZhv&q=85&s=39161bd4564e834a829ca88884ee6c40" alt="saml-google-4" width="2876" height="1646" data-path="images/light/saml-auth/saml-google-4.png" />
</Frame>

### 5. Configure Service Provider Details

In the **Service provider details** section, set the following parameters:

* **ACS URL**: `https://YOUR_DATAZONE_DOMAIN/api/v1/auth/saml/acs`
* **Entity ID**: `https://YOUR_DATAZONE_DOMAIN/api/v1/auth/saml/acs`

Leave the rest of the form with default values.

<Note>
  Replace `YOUR_DATAZONE_DOMAIN` with your actual Datazone instance domain.
</Note>

<Frame>
  <img src="https://mintcdn.com/datazone/ptc71kGNJucfPZhv/images/light/saml-auth/saml-google-5.png?fit=max&auto=format&n=ptc71kGNJucfPZhv&q=85&s=fb89a2aab1a690813e3109acb27e72b0" alt="saml-google-5" width="3024" height="1672" data-path="images/light/saml-auth/saml-google-5.png" />
</Frame>

### 6. Add Attribute Mapping

In the **Attribute mapping** section, add the following mapping:

| Google Directory attributes | App attributes |
| --------------------------- | -------------- |
| Primary email               | `email`        |

<Frame>
  <img src="https://mintcdn.com/datazone/ptc71kGNJucfPZhv/images/light/saml-auth/saml-google-6.png?fit=max&auto=format&n=ptc71kGNJucfPZhv&q=85&s=71b971e0578b1c50dcfd68c9ea93dc39" alt="saml-google-6" width="3024" height="1726" data-path="images/light/saml-auth/saml-google-6.png" />
</Frame>

### 7. Configure User Access

After the app is created, you'll see the **User access** section on the main app page. Configure which users or organizational units should have access to Datazone through Google SSO.

<Frame>
  <img src="https://mintcdn.com/datazone/ptc71kGNJucfPZhv/images/light/saml-auth/saml-google-7.png?fit=max&auto=format&n=ptc71kGNJucfPZhv&q=85&s=798cd5e6f5199f92aa5806c05704006c" alt="saml-google-7" width="3024" height="1722" data-path="images/light/saml-auth/saml-google-7.png" />
</Frame>

### 8. Assign Users to the App

Assign the appropriate users or groups to the application to control who can access Datazone through Google Workspace SSO.

<Frame>
  <img src="https://mintcdn.com/datazone/ptc71kGNJucfPZhv/images/light/saml-auth/saml-google-8.png?fit=max&auto=format&n=ptc71kGNJucfPZhv&q=85&s=2efc9f2d2a0535eaac407d7da3965d88" alt="saml-google-8" width="2512" height="1392" data-path="images/light/saml-auth/saml-google-8.png" />
</Frame>

### 9. Enter Configuration in Datazone

Finally, enter the collected information from Step 4 into the Datazone SAML configuration settings as described in the [SAML Overview](overview) guide:

* **Entity ID (Issuer)**: Use the Entity ID from Google
* **SSO URL**: Use the SSO URL from Google
* **Certificate**: Upload the downloaded certificate (PEM format)

## Testing Your Configuration

After completing the setup:

1. Navigate to your Datazone login page
2. Click on the SSO/SAML login option
3. You should be redirected to Google for authentication
4. Upon successful authentication, you'll be redirected back to Datazone

## Additional Resources

For more information about configuring custom SAML applications in Google Workspace, refer to [Google's official documentation](https://knowledge.workspace.google.com/admin/apps/set-up-your-own-custom-saml-app).

<Info>
  If you encounter any issues during setup, refer to the [SAML troubleshooting
  guide](overview#troubleshooting) or contact support at [support@datazone.co](mailto:support@datazone.co)
</Info>
