Retrieving SAML XML Metadata from Google Workspace

This tutorial explains how to retrieve the XML metadata for a SAML application configured within Google Workspace. This XML metadata is essential for setting up Single Sign-On (SSO) services for your web application by facilitating the exchange of user authentication data between Google Workspace and your application.

Prerequisites

  • Administrative access to the Google Admin console.

  • A SAML application is already configured within Google Workspace.

Steps

1. Access the Google Admin Console

Navigate to the Google Admin Console and sign in with your administrator account.

2. Go to Apps

From the Home page of the Google Admin console, click on Apps. This section allows you to manage all applications including SAML apps integrated with your Google Workspace.

3. Select SAML Apps

Under the Apps section, select Web and mobile apps. Then, navigate to SAML apps to view a list of your configured SAML applications.

4. Choose Your SAML Application

Find and select the SAML application for which you need the XML metadata. This will take you to the application's settings page.

5. Configure Service Provider Details

Enter the Service Provider Details provided by your team. The Botdoc team will supply the necessary values for:

  • ACS (Assertion Consumer Service) URL

  • Entity ID

  • Start URL

Ensure these details are accurately entered in the corresponding fields in the Google Workspace setup to facilitate proper communication and authentication flows between Google and your application.

6. Configure SAML Attribute Mapping

Within the application settings, configure the attribute mapping to ensure that Google sends the correct user data to your web app. Set the attributes as follows:

  • Email: Map email attribute to email

  • Last Name: Map familyName attribute to family_name

  • First Name: Map givenName attribute to given_name

  • First Name: Map givenName attribute to name

  • Employee ID: Map employeeId attribute to nickname

These mappings ensure that your application receives the necessary user details for authentication and user profile management.

7. Download the Metadata

In the application's settings, locate the option for SAML metadata. There will typically be a link or button labeled something like Download Metadata or Setup instructions.

Click to download the XML file. This file contains the SAML configuration details including the Entity ID, Assertion Consumer Service (ACS) URL, and Single Logout Service URL, among others.

Conclusion

By retrieving the SAML XML metadata from Google Workspace, you can ensure that your web application is properly configured for SSO with Google as the identity provider. This setup helps streamline user access and enhance security by utilizing Google Workspace’s authentication mechanisms.