fabriq

Before proceeding with this article, ensure that you have read our article about <a href="https://support.fabriq.tech/en/articles/6821787-saml-single-sign-on">SAML Single Sign-on 🔐</a>

Here, we will outline the steps to set up Google workspace as an Identity Provider.

1️⃣ Create a Google SAML Web application

Go to the Google Admin <a href="https://admin.google.com/" rel="nofollow noopener noreferrer" target="_blank">console</a> and sign in with an administrator account

Click on Apps, then Web and mobile apps in the left-hand navigation menu

Click on Add app, then Add custom SAML app

Enter a name for your application (e.g. "Fabriq") and click on Continue

Download the Metadata file and click on Continue

1. Go to the Google Admin <a href="https://admin.google.com/" rel="nofollow noopener noreferrer" target="_blank">console</a> and sign in with an administrator account
2. Click on Apps, then Web and mobile apps in the left-hand navigation menu
3. Click on Add app, then Add custom SAML app
4. Enter a name for your application (e.g. "Fabriq") and click on Continue
5. Download the Metadata file and click on Continue

2️⃣ Configure the application for SAML SSO

On the Service provider details page, you will need to enter the following information, ℹ️ reach out to us so that we can provide it to you:

Set the Name ID format to EMAIL and Name ID to Primary email

1. On the Service provider details page, you will need to enter the following information, ℹ️ reach out to us so that we can provide it to you:
 - ACS URL
 - Entity ID
2. Set the Name ID format to EMAIL and Name ID to Primary email
3. Click on Continue

3️⃣ Configure the attributes for SAML SSO

Add the following attribute mappings by clicking on ADD MAPPING:

Primary email : <a href="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" rel="nofollow noopener noreferrer" target="_blank">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress</a>

First name : <a href="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" rel="nofollow noopener noreferrer" target="_blank">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname</a>

Last name : <a href="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" rel="nofollow noopener noreferrer" target="_blank">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname</a>

- Primary email : <a href="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" rel="nofollow noopener noreferrer" target="_blank">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress</a>
- First name : <a href="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" rel="nofollow noopener noreferrer" target="_blank">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname</a>
- Last name : <a href="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" rel="nofollow noopener noreferrer" target="_blank">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname</a>

You can either turn on the service status:

1. for everyone in your organization
2. for specific groups / organizational units

1. Click on the User access section
2. You can either turn on the service status:
 1. for everyone in your organization
 2. for specific groups / organizational units

5️⃣ Send us the App Federation Metadata file

Send the previously downloaded Metadata file to <a href="mailto:enablement-team@fabriq.tech" rel="nofollow noopener noreferrer" target="_blank">enablement-team@fabriq.tech</a>

1️⃣ Create a Google SAML Web application

2️⃣ Configure the application for SAML SSO

3️⃣ Configure the attributes for SAML SSO

4️⃣ Assign users to Fabriq

5️⃣ Send us the App Federation Metadata file