Google Workspace
Hideez Identity Cloud - Configuration SAML 2.0 for Google Workspace
Define a user group, OU, or select individual users to whom Google Workspace access via Hideez Cloud SAML SSO will apply:
Go to admin.google.com.
Navigate to Menu → Directory → select User, Group, or Organizational Unit (OU).
Choose an existing option or create a new group, user, or OU for SAML login via Hideez Cloud.
Navigate to Menu → Directory → Group and create a group.
Enter required group details:
Group name
Group email (existing or new email for the group)
Select Group labels → Security, and proceed to configure Access type (e.g., Public), then click Create Group.
Select the newly created group and add users who will access Google services via SAML through Hideez Identity Cloud.
In admin.google.com, navigate to Menu → Show more → Security → Authentication → SSO with third-party IdP.
Under Third-party SSO profiles, click Add SAML profile.
Enter a profile name (e.g., "Hideez Cloud") and save.
In Hideez Cloud, go to Integrations → SAML.
Click on Create App Integration and enter:
Name: (e.g., Google Multi-IdP SSO Profile).
In Google Admin, open the SAML profile and copy the following details:
Issuer/SP Entity ID (e.g., https://accounts.google.com/samlrp/unique-id).
ACS URL (e.g., https://accounts.google.com/samlrp/unique-id/acs).
Click Create.
In Google Admin, open the SAML profile and fill in IDP details from Hideez Cloud:
IDP entity ID
Sign-in page URL
Sign-out page URL (optional)
Verification certificate
Click Save.
Go to Manage SSO profile assignments in Google Admin Console.
Assign the new SSO profile to specific OUs or groups as needed.
Click Save.
SP-Initiated SSO Links for Google Services
These URLs allow direct access to services through SSO:
Mail: https://www.google.com/a/your-domain.com/ServiceLogin?continue=https://mail.google.com
Drive: https://www.google.com/a/your-domain.com/ServiceLogin?continue=https://drive.google.com
Calendar: https://www.google.com/a/your-domain.com/ServiceLogin?continue=https://calendar.google.com
Replace your-domain.com with your actual domain.
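The Entity ID and ACS URL copied from Google Admin into Hideez Cloud, and the SP-initiated links above, can be checked before use. The Python below is an added example, not part of the Hideez or Google documentation; the host and the /samlrp/…/acs pattern are assumptions taken from the example values on this page, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Assumption: host and path pattern come from the example values on this page.
GOOGLE_SP_HOST = "accounts.google.com"
SP_PATH_PREFIX = "/samlrp/"
# "continue" targets for the three services listed on this page.
SERVICES = {
    "mail": "https://mail.google.com",
    "drive": "https://drive.google.com",
    "calendar": "https://calendar.google.com",
}

def check_sp_values(entity_id, acs_url):
    """Return a list of problems; an empty list means the pair is consistent."""
    problems = []
    for label, value in (("Entity ID", entity_id), ("ACS URL", acs_url)):
        if value != value.strip():
            problems.append(f"{label}: leading/trailing whitespace")
        parts = urlsplit(value.strip())
        if parts.scheme != "https":
            problems.append(f"{label}: scheme is not https")
        if parts.hostname != GOOGLE_SP_HOST:
            problems.append(f"{label}: unexpected host {parts.hostname!r}")
        if not parts.path.startswith(SP_PATH_PREFIX):
            problems.append(f"{label}: path does not start with {SP_PATH_PREFIX}")
        if parts.query or parts.fragment:
            problems.append(f"{label}: unexpected query string or fragment")
    # In the page's examples the ACS URL is the Entity ID followed by /acs.
    if acs_url.strip() != entity_id.strip() + "/acs":
        problems.append("ACS URL is not the Entity ID followed by /acs")
    return problems

def sp_initiated_link(domain, service):
    """Build the ServiceLogin link shown on this page for a listed service."""
    if service not in SERVICES:
        raise ValueError(f"unknown service: {service!r}")
    # Reject anything that could alter the URL structure around the domain.
    if not domain or any(c in domain for c in "/?#@:\\ "):
        raise ValueError(f"not a bare domain: {domain!r}")
    return (f"https://www.google.com/a/{domain}/ServiceLogin"
            f"?continue={SERVICES[service]}")

if __name__ == "__main__":
    # Constructed sample values in the format of the page's examples.
    entity = "https://accounts.google.com/samlrp/unique-id"
    print(check_sp_values(entity, entity + "/acs"))
    print(check_sp_values(entity, "http://accounts.google.com/samlrp/other/acs "))
    print(sp_initiated_link("example.com", "drive"))
```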
Summary for Option 2: Multi-IdP SSO Profile
Create a user group and add members.
Set up a SAML profile in Google Admin and Hideez Cloud.
Assign the profile to the specific group.
Save all changes.
Root Organization SSO Profile: Uncheck Set up SSO with third-party identity provider in Google Admin Console and save.
Multi-IdP SSO Profile: Go to Manage SSO profile assignments → select None for SSO profile and save.