Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Configure Single Sign On with Google Workspace

            Modified on Thu, 16 Apr at 9:48 AM

            TABLE OF CONTENTS

            Step 1 – Create a SAML 2.0 application in Google Workspace

            1. Sign in to the Google Admin console
              • Go to admin.google.com.
              • Sign in with an account that has Super Admin or equivalent privileges to manage apps and security.

            2. Create a new custom SAML app for Atlas 

              • In the Admin console, go to Apps → Web and mobile apps (or Apps → Web and mobile apps → Add app, depending on your layout).
              • Click Add app and select Add custom SAML app.
              • Enter an application name, for example “Atlas SAML SSO”, and optionally add a description and icon.
              • Click Continue.

            3. Download Google IdP metadata and certificate 

              • Download the IdP metadata XML file and/or note the SSO URL and Entity ID that Google provides.
              • Download the certificate (if it is provided separately); this will be required in Atlas.

              • Click Continue after you have downloaded or copied the required information.

            4. Configure basic SAML settings with Atlas values
              On the Service Provider details step, use values from the Atlas Single Sign On configuration wizard:

              • Set ACS URL (Assertion Consumer Service URL) to the Atlas Single Sign On URL.

              • Set Entity ID (or Audience URI) to the Atlas Audience / Entity ID.

              • For Name ID format, select EMAIL or EMAIL_ADDRESS, unless your Atlas administrator specifies a different format.

              • For Name ID, select Primary email (or another identifier required by your internal standards and Atlas configuration).

              • Leave optional fields at their defaults unless instructed otherwise by your Atlas administrator.

              • Click Continue.

                Important: Do not use generic example values from other documentation. Always use the exact values generated for your Atlas environment.

            5. Configure Google Workspace SAML attributes / mappings (if required)
              • On the Attribute mapping step, configure how user attributes are sent in the SAML assertion:
                Click Add mapping to create attribute mappings.

                • Configure attributes to include at least:

                  • Email address

                  • First name

                  • Last name

              • Example mappings:

                • App attribute: email → User field: Primary email

                • App attribute: given_name → User field: First name

                • App attribute: family_name → User field: Last name

              • The phone number attribute is optional and can be skipped.

                Use clear, consistent attribute names (for example email, given_name, family_name) that you will later map in Atlas.

              • Click Finish to create the app.

            6. Enable the app for users 
              • After the app is created, open it in the Web and mobile apps list.
              • Go to the User access section.
              • Turn the app ON for the organisational units (OUs) or groups whose users should be able to access Atlas.
              • Save your changes.

            Step 2 – Add users in Google Workspace and Atlas

            1. Confirm and assign users in Google Workspace
              • In the Admin console, go to Directory → Users.
              • Ensure that users who will sign in to Atlas exist, are active, and are in OUs or groups where the Atlas SAML app is turned ON, so they can authenticate via SSO.
            2. Add the same users in Atlas 
              • In Atlas, open the user management area.
              • Create or confirm user accounts that match the identifiers used in Google Workspace (typically the primary email address).
              • Make sure these identifiers match exactly so SSO can correctly map users between Google Workspace and Atlas.

            Step 3 – Configure Single Sign On in Atlas

            Open the Single Sign On configuration page in Atlas and follow the wizard.

            1. Configuration name and protocol
              • Enter a clear configuration name, for example:

                “Google Workspace Single Sign On”.

              • Select SAML 2.0 (or the equivalent option) as the protocol, matching what you configured in Google Workspace.

            2. Atlas Single Sign On endpoints 
              • In the wizard step labelled Atlas Single Sign On endpoints, review the values shown (Single Sign On URL and Audience / Entity ID).
              • Confirm these match the values you entered in the Google Workspace SAML configuration (for example, ACS URL and Entity ID / Audience URI).
            3. Identity provider configuration (Google metadata, certificate, URLs) 
              In the relevant step of the Atlas wizard, paste or upload the Google identity provider details you collected earlier:

              • IdP metadata XML (or SSO URL and Entity ID)

              • Certificate

              • Sign-in URL (and logout URL, if applicable)

                Save this configuration step after entering all required values.

            4. User attribute mapping 

            Atlas uses several steps in the wizard for attribute mapping. Follow the prompts and map the Google Workspace SAML attributes to Atlas user fields:

            • Map the attribute containing the email address (for example email) to the Atlas email field.

            • Map the attribute containing the first name (for example given_name) to the Atlas first name field.

            • Map the attribute containing the last name (for example family_name) to the Atlas last name field.

            Mapping a phone number attribute is optional and can be skipped.

            Confirm that all required mappings are completed. After finishing the wizard, ensure the configuration saves without errors.

            Step 4 – Test the connection

            1. Run the test from Atlas
              • On the Atlas Single Sign On configuration page for Google Workspace, select Test connection.
              • Atlas will start the test and redirect you to the Google Workspace SSO page.
            2. Expected behaviour

              • Atlas redirects you to the Google Workspace sign-in page for your domain.

              • You can successfully authenticate using a user who is allowed to access the Atlas SAML app in Google Workspace.

              • After successful authentication, you are redirected back to Atlas.

              • Atlas displays a message confirming that the connection test is successful.

            A successful connection test in Atlas indicates that both configuration and authentication are working as expected.

            Troubleshooting tips

            If the connection test fails:

            • Confirm that Entity ID / Audience URI and ACS URL / Single Sign On URL in Google Workspace exactly match the values shown in the Atlas Single Sign On endpoints step.

            • Check that the user is allowed to authenticate to the Atlas SAML app in Google Workspace and that the same user exists in Atlas with matching identifiers.

            • Verify that the SAML attribute names / claims for email, first name, and last name in Google Workspace match the mappings you configured in Atlas.

            • Review any error messages in Atlas and in the Google Admin console → Reports → Audit → SAML (or similar) to identify where the problem is.

            • If you still cannot resolve the issue, submit a ticket with: 

              • A description of the steps you followed, and

              • Any error messages or log details you received.


            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0