Skip to main content
All CollectionsWorkspace managementCreating and setting up your workspaceGoogle Workspace
How to Configure the Cerby Pre-Integrated SAML App with Your Google Workspace
How to Configure the Cerby Pre-Integrated SAML App with Your Google Workspace

This article describes how you can configure your Google Workspace as an authentication option for your Cerby workspace.

Cerby Team avatar
Written by Cerby Team
Updated over 2 years ago

All Cerby users have the ability to configure a default Identity Provider to power Single Sign On (SSO). This article details how to configure your Google Workspace as the primary Identity Provider to facilitate SSO with the Cerby application.

Supported Features

  • Control in Google Workspace who has access to Cerby.

  • Service Provider (SP)-Initiated Authentication (SSO) Flow - This authentication flow occurs when the user attempts to log in to the application from Cerby.

Requirements

In order to proceed with configuring login with SSO through Google Workspace, you must:

  • Have access to the Google Workspace Admin Portal.

  • Be a Google Workspace administrator to that tenant

  • Have received a Welcome to Cerby email invitation

If you have not received a Welcome to Cerby email invitation, please email support@cerby.com to request an invite.

Step-by-Step Configuration Steps

The following documents the configurations for setting up the SAML2 integration between Cerby and a Google Workspace tenant asthe Identity Provider (IDP) and depending on the use case, the user will be redirected to your Google Sign In Portal for authentication if no session has been established.

To configure your provisioning settings for Cerby in Google Workspace, please complete the following steps:

Step One - Setup Workspace in Cerby

  1. Click on Create your Workspace from your Welcome to Cerby email.

  2. In the first screen that loads, select Set Up Google Workspace Login as your Identity Provider to configure.

  3. In the next screen, provide a Workspace name. Remember the Workspace name which you have provided for step 2.6 below. Then, click Next.

  4. The next page will have important configuration information. Leave this tab open and open up a separate window or tab to continue.

Step Two - Add the SAML App in your Google Admin Account

  1. In a new tab, sign in to your Google Workspace Admin portal (https://admin.google.com/).

  2. Navigate to Apps > Web and Mobile and then click on Add App (NOTE: this is not implemented yet, I will continue with the Custom SAML APP)

  3. Then click "Search for Apps", search for Cerby and click on the first search result.

  4. On the following screen, add "Cerby" for your App Name and choose the Cerby Logo and click Continue (CUSTOM)

  5. Now, download the Metadata, (it will be required for the next steps) and click Continue

  6. Under Service Provider Details, add the ACS URL and Entity ID (Copy these values from step 1.4 above.

    1. ENTITY ID: urn:amazon:cognito:sp:Your_Provided_Id

  7. Finally, add the required attributes and Click Finish

  8. Once the configuration is complete, return to the “Settings for Cerby” view under the App List section. In this section, you can either turn on the Cerby app for all users or enable it for specific organizations.

Step Three - Populate SSO configuration in Cerby

  1. Return to the Cerby Workspace Configuration page from Step 1.4 above and add the XML file from step 2.5.

  2. Click on “I have already assigned users or groups to the application”, per step 2.8 above.

  3. Click on Finish Configuration.

  4. You are done. Proceed to log in to your Cerby workspace.

Notes

Permissions

Cerby’s integration with Google Workspaces leverages Google Accounts only for SSO authentication. To assign permissions for Cerby, users must do so directly within Cerby.

Error: app_not_configured_for_user

Sometimes a workspace administrator may be unable to access their workspace after it is created and they’ll see a similar error to the one in the screenshot below.

This problem can be easily resolved by refreshing the page or by logging out and then logging in of their Google account.

Did this answer your question?