Skip to main content

IdP Configuration

Google Workspace Configuration

  1. In the Google Admin Console go to Apps > Web and mobile apps.
  2. Click the Add app dropdown and select Add custom SAML app.
  3. Choose an App name and click Continue.
  4. Skip the Metadata download for now and click Continue.
  5. Fill in the fields ACS URL and Entity ID with the information provided in Start Left.
  6. Be sure to set the Name ID format to EMAIL and click Continue and click Continue.
The SP Entity ID is the Identifier (Entity ID) - the ID of the service provider The Single Sign-on URL is the ACS URL (Assertion Consumer Service URL) - the identity provider must be configured to return the SAML response to the ACS URL: 
https://tauruseer-auth-prod.us.auth0.com/login/callback
Both of these fields can be found in the SLS Platform by navigating to Configure on the left hand menu and selecting SSO settings. SSO

Configure Attributes

  1. Click the Add Mapping button.
  2. Select First Name in the dropdown and enter first_name in the App attributes field.
  3. Click the Add Mapping button.
  4. Select Last Name in the dropdown and enter last_name in the App attributes field.
  5. Click the Add Mapping button.
  6. Select Primary Email in the dropdown and enter email in the App attributes field.
  7. Click Finish.
SSO

User access

  1. Now you should be on the detail page of your newly created app.
  2. Expand the User access section and define the subset of users that should have access to the application.
  3. Expand the Service provider details section.
  4. Download the signing certificate and ensure the file extension is saved as a .pem file.

In the Start Left Platform:

  1. Set the Single Sign On URL from Google Workspace.
  2. Set the Domain name to your company’s domain.
  3. Upload to the X590 Certificate.
  4. Click Save SSO Settings.
Note: You cannot use the “TEST SAML LOGIN” button in Google Workspace as IDP initiated Login is not supported. You must test the SSO login from the Start Left Platform.