Google Workspace Integration
This guide walks you through how to configure SAML-based Single Sign-On (SSO) between Google Workspace and Fixiam using the pre-integrated Google Workspace app available in IAM.
✅ Prerequisites
- You have admin access to both Google Workspace and Fixiam.
- The domain used in Google Workspace must be verified.
Step 1: Start from Fixiam
- Log into Fixiam
- Go to Applications > Apps
- Click Add New Application
- From the app list, find Google Workspace (pre-integrated)
- Click on it to open the application page
Step 2: Export Metadata from Fixiam
Once the Google Workspace application is open:
- Go to the Configuration page
- Click Export Metadata
- This will open the XML metadata in a new browser tab
- From the metadata:
- Locate entityID="..." → Copy this as the IDP Entity ID
- Locate <md:SingleSignOnService Location="..." → Copy the Sign-In Page URL
- Locate the value inside <ds:X509Certificate> → This is your certificate
- From the metadata:
Step 3: Configure SAML in Google Workspace
- Go to Google Workspace Dashboard
- Click your profile photo → Select Admin Console
- In the Admin Console, locate the search bar at the top, type SSO
- Select SSO with third-party IDP
Step 4: Add a New SAML Profile
On the SSO with third-party IDP page, click on Add SAML Profile.
- Fill out the form with the following details:
- SSO Profile Name: Fixiam
IDP Entity ID: obtain this from the Fixiam metadata exported as completed in step 2
Sign-in Page URLobtain this from the Fixiam metadata exported as completed in step 2
Sign-out Page URL: Leave this blank
Change Password URL: Leave this blank
Upload the Certificate File:
- Use the copied X.509 Certificate value from Fixiam
- Create a text file (e.g., cert.pem) and paste the certificate inside
- Upload this file here
- SSO Profile Name: Fixiam
IDP Entity ID: obtain this from the Fixiam metadata exported as completed in step 2
Sign-in Page URLobtain this from the Fixiam metadata exported as completed in step 2
Sign-out Page URL: Leave this blank
Change Password URL: Leave this blank
Upload the Certificate File:
- Click Save
Step 5: Retrieve Google Entity ID and ACS URL
- After saving, you’ll be redirected to a new page
- From that page, copy the following:
- Entity ID
- ACS URL (Assertion Consumer Service URL)
📌 You will use these to complete the configuration in Fixiam
Step 6: Complete Configuration in Fixiam
- Go back to the Google Workspace app configuration page in Fixiam
- Enter the following:
| Field | What to Enter |
|---|---|
| SP Entity ID | Paste the Entity ID from Google |
| ACS URL | Paste the ACS URL from Google |
| Audience URL | (Optional) Leave blank or reuse SP |
| Sign Assertion | ✅ Enable this checkbox |
- Click Next or Save to complete configuration
Step 6: Create Group in Google Workspace
- Go to Directory > Groups > Create Group
- Enter:
- Group Name:Fixiam SSO Users
- Group Email:Use admin or service email
- Click Save
Step 7: Add Users to Group
- Open the newly created group
- Add users who should log in via Fixiam as members
Step 8: Assign SSO Profile to the Group
- Go back to SSO with third-party IDP in Google Admin Console
- Click Manage under SSO Profile Assignments
- Set the following:
- Group :Fixiam SSO Users
- SSO Profile: Fixiam
- Login Option: Allow users to enter Google username and be redirected to Fixiam
- Click Save
Step 9: Test the SSO Login
- Go to a Google Workspace service (e.g., Gmail, Docs)
- Try logging in with a user that belongs to the assigned group
- If successful:
- User is redirected to Fixiam
- After login, they are redirected back to Google Workspace
🎉 All Done!
You’ve successfully integrated Google Workspace with Fixiam using SAML SSO. Users can now enjoy secure, IAM-managed access across Google tools.
Updated about 2 months ago