Setup Single Sign On (SSO) with GSuite using SAML

A step by step guide on how to setup Single Sign On (SSO) with Google's GSuite using SAML

Written by Cadell Christo
Updated over a week ago

Create a new Velpic Plugin

Login as an Admin into Velpic.
Go to Admin, Integrations, Plugins.
Click Add Plugin.
Click SAML 2.0.
Enter a name for the plugin that will be visible on the login screen. For example; "Google".

Create a SAML App in GSuite

In a new tab, go to https://admin.google.com and login with your credentials.
Click on Apps.
Click on SAML apps.
Click the plus on the bottom right.
Click Setup My Own Custom App.
Copy the Entity ID. (not the SSO URL).
Under Option 2, download the IDP metadata.
Click Next.
Name the application Velpic.
Switch back to the Velpic Tab.
Paste the Entity ID in your clipboard into the Issuer URL field.
Upload the metadata you downloaded before.
Copy the Single Sign On URL.
Switch Back to the GSuite Tab.
Paste the Single Sign On URL into the ACS URL and Entity ID fields.
Check the Signed Response checkbox.

Configure Mappings

Click Next.
Click Add New Mapping and map the following fields.
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname-> First Name
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname -> Last Name
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress -> Primary Email
http://schemas.xmlsoap.org/claims/Group -> Department (optional)

Finishing Up

Click Finish.
Go back to the Velpic tab.
Check the Auto create new users field if you want to.
Click Save.