Setting up Google Workspace SSO at the tenant level
With Google Workspace Enterprise Single Sign-On (SSO), IT administrators at organizations can efficiently handle user provisioning and enhance security through centralized authentication.
Google SSO Integration
Wristband supports the following security protocol for Google SSO:
- SAML2
Each tenant can have unique Google SSO identity providers. Configuration is done at the Tenant Level in the Wristband dashboard, with activation on a per-tenant basis.
Setting Up a Tenant-level Google Integration
This guide details how to set up Google SSO integration in Wristband.
1. Sign Up For A Google Workspace Account
Create a Google Workspace account here. Fill out the form and proceed to the Google Workspace Admin dashboard.
2. Add a Google Custom SAML App
In the Admin dashboard, navigate to "Web and mobile apps" from the "Apps" side menu. Select "Add app" > "Add custom SAML app."
Register your SAML integration information in the following steps:
- App details
- Google Identity Provider details
- Service provider details
- Attribute mapping
App Details
Provide values for Name, Description, and App Icon.
Google Identity Provider Details
You'll need this information to create the Google External IDP in Wristband. You can either:
- Download the IdP metadata
.xmlfile from Google and upload it to Wristband. - Manually copy and paste the SSO URL, Entity ID, and Certificate into Wristband.
3. Create a Google IDP in Wristband
Open the Wristband dashboard and create the Google Enterprise External Identity Provider using the Google metadata.
Don't Close Google Workspace
Keep the Google Workspace Admin dashboard open.
In the Wristband dashboard:
- Enter Tenant View for the tenant.
- Navigate to
Identity Providers > Enterprise. - Select the Google provider icon and click "Create IDP."
Metadata Upload
Select Upload File if you downloaded the Google IDP metadata .xml file, and upload it to Wristband.
Manual Copy and Paste
Select Manual if you copied the Google IDP metadata, then paste the values for SSO URL, Entity ID, and Certificate (Certificate 1).
Click "Create" to finish. You'll be prompted with two values to copy for Google:
- SP Entity ID
- ACS URL
4. Complete the Google Custom SAML App
Return to the Google Workspace Admin dashboard and continue.
Service Provider Details
Paste the copied values:
- ACS URL -> ACS URL
- SP Entity ID -> Entity ID
Click "Continue."
Attribute Mapping
Match Google Directory attributes with Wristband User Schema fields:
| Google Directory Attribute | App (Wristband) Attribute |
|---|---|
| First name | givenName |
| Last name | familyName |
| Primary email | |
| Phone number | phoneNumber |
Click "Finish" if not configuring Google Groups. Otherwise, proceed to the next step.
5. Configure the Groups Claim (Optional)
To use Google's Group Memberships with Wristband's Role Mapping, configure the Group membership section to map Google Groups to the groups attribute.
Click "Finish."
6. Enable Tenant Overrides for IDP
In the Wristband dashboard:
- Navigate to Tenant Settings.
- Scroll to Override Configurations.
- Enable "Identity Providers" overrides.
Overriding Identity Providers
This will override ALL identity providers from the Application Level for the tenant.
The Google Enterprise SSO integration is now complete. Users will see a Google login button on the Tenant-level Login Page.
Updated about 2 months ago