# Setting up SSO with Google Workspace

Sign in to freispace using Google.

### Create SAML app[​](#create-saml-app "Direct link to Create SAML app")

1. Open the [Google Workspace Admin Console](https://admin.google.com/) at [admin.google.com](https://admin.google.com/).

2. On the left menu, click **Show more** and navigate to **Apps** > **Web and mobile apps**.

3. Click **Add app** and select **Add custom SAML app**.

   ![Google Workspace screenshot](/assets/images/google-workspace-admin-sso-02-13e704438a3b7c85a1c66036f184eec6.png)

4. Enter the following data.

   | Field    | Content                                                                                                                             |
   | -------- | ----------------------------------------------------------------------------------------------------------------------------------- |
   | App name | `freispace`                                                                                                                         |
   | App icon | Upload this file: [freispace-icon.png](https://docs.freispace.com/assets/files/freispace-icon-114714e39b85f02a4fee28fb61c57be2.png) |

5. Click **CONTINUE**.

### Get Google's settings[​](#get-googles-settings "Direct link to Get Google's settings")

1. On freispace, start by clicking **Add tenant** and entering a name for this connection, i.e. *Google*.

2. Then, copy the provided data from Google into freispace.

   | freispace name           | Google name | Example data                                                       |
   | ------------------------ | ----------- | ------------------------------------------------------------------ |
   | Login URL (SSO endpoint) | SSO URL     | `https://accounts.google.com/o/saml2/idp?idpid=xxxxx`              |
   | IdP Issuer ID            | Entity ID   | `https://accounts.google.com/o/saml2?idpid=xxxxxx`                 |
   | IdP X.509 Certificate    | Certificate | `-----BEGIN CERTIFICATE----- xxxxxxxxxx -----END CERTIFICATE-----` |

   ![Google Workspace screenshot](/assets/images/google-workspace-admin-sso-03-36ff947eb756620c2178686a205fb56b.png)

3. Additionally, enter the following data.

   | freispace field name                 | Data                                                              |
   | ------------------------------------ | ----------------------------------------------------------------- |
   | Namespace definition for given names | `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname` |
   | Namespace definition for surnames    | `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname`   |

4. Click **CONTINUE** on the Google setup page.

5. Click **Save settings** on freispace.

### Set settings on Google[​](#set-settings-on-google "Direct link to Set settings on Google")

After saving the settings on freispace, you will now see two fields: Reply URL and Identifier. Google needs to know about these settings.

1. Copy over the settings from freispace into Google.

   | freispace              | Google    | Example data                                              |
   | ---------------------- | --------- | --------------------------------------------------------- |
   | Reply URL              | ACS URL   | `https://api.app.freispace.com/api/v1/saml2/xxx/acs`      |
   | Identifier (Entity ID) | Entity ID | `https://api.app.freispace.com/api/v1/saml2/xxx/metadata` |
   | Team Login URL         | Start URL | `https://app.freispace.com/login/xxx`                     |

2. Ensure that *Signed response* is **not** checked.

3. Additionally, set **Name ID** to `Basic Information > Primary email`. (Leave *Name ID format* as *UNSPECIFIED*.)

   ![Google Workspace screenshot](/assets/images/google-workspace-admin-sso-04-fab85360162804a9f0ba3d93e096d272.png)

4. Click **CONTINUE** on the Google setup page.

### Attribute mapping[​](#attribute-mapping "Direct link to Attribute mapping")

In order for freispace to automatically import your users' names, you will need to map attributes as described.

1. Click **ADD MAPPING** twice and add the following mappings.

   | Google Directory attributes | App attributes                                                    |
   | --------------------------- | ----------------------------------------------------------------- |
   | First name                  | `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname` |
   | Last name                   | `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname`   |

   ![Google Workspace screenshot](/assets/images/google-workspace-admin-sso-05-2391092f25eaf2a65b980aef8f76880a.png)

2. Click **FINISH**.

### Activating the SAML app[​](#activating-the-saml-app "Direct link to Activating the SAML app")

1. On freispace, click **Activate**.

2. On Google Workspace, click the tile **User access**.

   ![Google Workspace screenshot](/assets/images/google-workspace-admin-sso-06-4020c60fad596bfa943c9f319d95e28b.png)

3. Set **Service Status** to **ON for everyone** and confirm with **SAVE**.

### Done! 🎉[​](#done- "Direct link to Done! 🎉")

freispace should now appear as an app in the App drawer.

![Google Workspace screenshot](/assets/images/google-workspace-admin-sso-07-5dee10c924dfa08223f4f5b0bb8176e5.png)