Users can log in to G Suite using their Teamstack credentials via SAML.
This document will guide you through the setup.
G Suite (SP) initiated Single Sign On
Teamstack (IdP) initiated Single Sign On
Plan: G Suite Basic plan or higher
Verified G Suite domain
Set up SSO via SAML for G Suite
To set up SSO you first need to create a G Suite app in Teamstack and then configure G Suite SSO with the SAML settings from Teamstack.
Step 1: Create G Suite app in Teamstack
Go to your Applications in Teamstack.
Click "Add Application" in the top right corner.
Search for "G Suite" and click "Add".
Select this app to be a "SAML" app and enter your G Suite Domain (like "example.com") and leave the "Relay State" input empty (Your domain must be verified in G Suite, otherwise the login will fail). Click "Save".
On your applications overview, click on the newly created G Suite app. You will see all details about this app.
Click on the "SAML Configurations" tab. Keep this page open, as you will need these values once you configure the SAML settings in G Suite.
Step 2: Set up SAML in G Suite
Log in to your G Suite account with your administrator account at admin.google.com
On the top left, open the main menu (☰) and click on "Security". Click on "Set up single sign-on (SSO) with a third party IdP" to open the Single Sign-On settings.
Enable SSO with by clicking on "Set up SSO with third-party identity provider".
Copy the "Sign-in page URL" value from Teamstack (Found in step 1.6).
For the "Sign-out page URL" value, enter "https://app.teamstack.com/dashboard"
To upload your Teamstack SAML certificate, click on the "SAML Certificate" button in Teamstack (from step 1.6). It will download a text file which you have to upload to the G Suite "Verification certificate" file picker.
Leave all other fields empty and click on "SAVE".
Step 3: Test that the SAML setup is working
To test if the SAML connection is functioning properly, you need to ensure your primary email in Teamstack is the same as your G Suite account email and then do the following steps:
Assign the G Suite app to yourself in Teamstack.
Open a new incognito window, log in to Teamstack and click on the G Suite icon on your Dashboard
You now should be redirected to G Suite and logged in.
Users can now log into G Suite using SAML. To be able to log in, they need to have a G Suite account and the app needs to be assigned to the user in Teamstack.
G Suite users with an Administrators account will always be able to log in via username and password into G Suite.