Skip to main content

Setting up SAML with Google Workspace

Connect Whistleblower Software to Google Workspace using SAML 2.0

Before you start

  • In Google Workspace, you must be signed in as a Super Administrator to configure a custom SAML application. No lower-level admin role is sufficient for this task.

  • In Whistleblower Software, you must have either the Administrator or System Technician role to access Settings > Security.

  • SAML is available on the Advanced plan only.

  • If you only need simple Google login without centralized SAML control, use the Login with Google (OAuth) guide instead.

Before users can sign in, make sure the following are in place or login will fail: signed responses or assertions must be enabled in your identity provider, and the Name ID must be mapped to the user's email address.

Steps

Step 1: Open Google workspace admin

Navigate to https://admin.google.com/ac/apps/unified.

Step 2: Create a new SAML app

Click Add app, then select Add custom SAML app.

Step 3: Name the application

Give the application a name, for example "Whistleblower Software". You can also add a logo at this stage if needed.

Step 4: Download the Google metadata file

Select option 1 and download the metadata file from Google. You will upload this into Whistleblower Software in the next step.

Step 5: Upload the Google metadata file into Whistleblower Software

Go to Settings > Security in Whistleblower Software. Enable Login with SAML. Under Identity provider metadata file, upload the metadata file you downloaded from Google.

Step 6: Continue in Google admin

Press Continue in the Google Admin interface to move to the service provider details screen.

Step 7: Enter the ACS URL and Entity ID

In Whistleblower Software under Settings > Security, with SAML enabled, copy the Application ACS URL and the Application entity ID. Enter these into the corresponding fields in Google Admin under Service provider details.

On the same screen:

  • Enable Signed responses.

  • Set Name ID format to Email.

  • Set Name ID to Primary Email.

Step 8: Configure attribute mapping

Under Attribute mapping, add the following:

  • First name mapped to first_name

  • Last name mapped to last_name

  • Primary email mapped to email

Step 9: Finish and enable access

Click Finish. Then go to the app's access settings in Google Admin and enable access for the users or groups who need to sign in to Whistleblower Software.

It may take a short time for Google to fully activate the app. If users see an error immediately after setup, wait a few minutes and try again.

We’re here to support you. If you have questions reach out to us directly via the Messenger icon in the bottom right corner of your screen, or send us an email at [email protected]

Related Articles
Login with Google (OAuth)
Setting up SAML with Microsoft Azure
Setting up SAML with AWS
Setting up SAML with Okta
Setting up SAML with Ping
Did this answer your question?