Configuring single sign-on with Google Workspace

Configure SAML-based logins for your team with Google Workspace’s SSO options

Written by &Open Support
Updated over a year ago

Configuring single sign-on (SSO) on your gifting platform lets you give your team a one-click login experience, using the SSO capabilities of the Google Workspace suite of tools.

Setting up an app

To get started, you'll be working within the Google Workspace admin application. We’re going to walk through Google’s documentation on this process, which you can find here.

  1. In your Google Admin console (at admin.google.com)...

  2. In the sidebar Menu, scroll down to Apps > Web and mobile apps.

  3. Click Add App and then select Add custom SAML app from the dropdown.

  4. On the App Details page:

    1. Enter the name of the custom app.

    2. (Optional) Upload an app icon. The app icon appears on the Web and mobile apps list, on the app settings page, and in the app launcher. You can use this image if you like.

    Click Continue.

  5. On the Google Identity Provider details page, select the “Download the IDP metadata” button. This will download a file named GoogleIDPMetadata.xml which you can then send to your Customer Success Manager in &Open to complete the configuration once we’re finished with these screens.

    Click Continue.

  6. To configure your application, you’ll just need your &Open account URL, which is provided during sign up by your Customer Success Manager. This is where your users go to send gifts, and it typically takes the form https://companyname.andopen.co.

    Set the “ACS URL” to be https://yourcompany.andopen.co/saml/acs, and set the “Entity ID” to be https://yourcompany.andopen.co/saml/metadata. Replace “yourcompany” with the appropriate value here.

  7. Under Name ID, we're going to set your users’ email address in Google Workspace as their primary identifier.

    Click Continue.

  8. On the Attribute mapping page, click Add another mapping 3 times and fill in these values to configure how we can see users' names during signup.

| Google Directory attributes | App attributes  |
|-----------------------------|-----------------|
| Primary email               | user.email      |
| First name                  | user.first_name |
| Last name                   | user.last_name  |

You can leave Group membership empty. Press “Finish”.

Turn on your SAML app

You now have the app created. The final step is to approve access either for your whole company, or to certain groups (teams) within the company. Click into “User access”.

The easiest way to configure is to just enable this login method for “all organizational units”.

If you want to limit access to certain teams, you can open “Groups” in the sidebar and type in the name of the group to enable access for those users. Add as many group names as you like here.

Once you’ve enabled everyone you need to, click Finish.

Now, just pass the GoogleIDPMetadata.xml file that you downloaded earlier to your Customer Success Manager in &Open and we will load this file into the platform to enable your access.
