Setup Single Sign On (SSO) with GSuite using SAML

Create a new Damstra Learning Plugin

1. Login as an Admin into Damstra Learning.

2. Go to Admin, Integrations, Plugins.

3. Click Add Plugin.

4. Click SAML 2.0.

5. Enter a name for the plugin that will be visible on the login screen. For example; "Google".

Create a SAML App in GSuite

1. In a new tab, go to https://admin.google.com and login with your credentials.

2. Click on Apps.

3. Click on SAML apps.

4. Click the plus on the bottom right.

5. Click Setup My Own Custom App.

6. Copy the Entity ID. (not the SSO URL).

7. Under Option 2, download the IDP metadata.

8. Click Next.

9. Name the application Damstra Learning.

10. Switch back to the Damstra Learning Tab.

11. Paste the Entity ID in your clipboard into the Issuer URL field.

12. Upload the metadata you downloaded before.

13. Copy the Single Sign On URL.

14. Switch Back to the GSuite Tab.

15. Paste the Single Sign On URL into the ACS URL and Entity ID fields.

16. Check the Signed Response checkbox.

Configure Mappings

1. Click Next.

2. Click Add New Mapping and map the following fields.

3. http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname-> First Name

4. http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname -> Last Name

5. http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress -> Primary Email

6. http://schemas.xmlsoap.org/claims/Group -> Department (optional)

Finishing Up

1. Click Finish.

2. Go back to the Velpic tab.

3. Check the Auto-create new user's field if you want to.

4. Click Save.