Skip to content

Google Workspace Single Sign On#

  • Using protocol: SAML

Google workspace configuration#

  • Log into with administrative privilege user.


  • Security > SSO with third party IdP


  • Add SSO Profile

    • Check Set up SSO with third-party identity provider

    • Sign-in page URL: https://[hostname_of_Gluu_Server]/idp/profile/SAML2/Redirect/SSO

    • Sign-out page URL: https://[hostname_of_Gluu_Server/idp/Authn/oxAuth/logout

    • Verificiation certificate: Log into your Gluu Server and grab idp-signing.crt from ~inside_container/etc/certs/. Upload it.


  • Save configuration.

Gluu Server configuration#

  • Configure NameID:

    • Configure a NameID based on Email attribute.

    • NameId type would be: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress


  • Create Trust Relationship:

    • We need to write a quick metadata for Google workplace which we are going to use in trust relationship.

    • Metadata is attached below. Deployer need to modify that according to their own DNS entry.

      <EntityDescriptor entityID="" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
          <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
                  <AssertionConsumerService index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                  Location="" >
    • Create a trust relationship with above metadata and release "Email" attribute.



  • Create test user who is aligned with your Google Workspace user (for testing purposes). Our test user is '' which is available in both Google and Gluu Server.


Initiate SSO with and it would look as demonstrated in this video.