Users can log in to G Suite using their Teamstack credentials via SAML.
This document will guide you through the setup.
- G Suite (SP) initiated Single Sign On
- Teamstack (IdP) initiated Single Sign On
- Plan: G Suite Basic plan or higher
- Verified G Suite domain
Set up SSO via SAML for G Suite
To set up SSO you first need to create a G Suite app in Teamstack and then configure G Suite SSO with the SAML settings from Teamstack.
Step 1: Create G Suite app in Teamstack
- Go to your Applications in Teamstack.
- Click "Add Application" in the top right corner.
- Search for "G Suite" and click "Add".
- Select this app to be a "SAML" app and enter your G Suite Domain (like "example.com") and leave the "Relay State" input empty (Your domain must be verified in G Suite, otherwise the login will fail). Click "Save".
- On your applications overview, click on the newly created G Suite app. You will see all details about this app.
- Click on the "SAML Configurations" tab. Keep this page open, as you will need these values once you configure the SAML settings in G Suite.
Step 2: Set up SAML in G Suite
- Log in to your G Suite account with your administrator account at admin.google.com
- On the top left, open the main menu (☰) and click on "Security". Click on "Set up single sign-on (SSO) with a third party IdP" to open the Single Sign-On settings.
- Enable SSO with by clicking on "Set up SSO with third-party identity provider".
- Copy the "Sign-in page URL" value from Teamstack (Found in step 1.6).
- For the "Sign-out page URL" value, enter "https://app.teamstack.com/dashboard"
- To upload your Teamstack SAML certificate, click on the "SAML Certificate" button in Teamstack (from step 1.6). It will download a text file which you have to upload to the G Suite "Verification certificate" file picker.
- Leave all other fields empty and click on "SAVE".
Step 3: Test that the SAML setup is working
To test if the SAML connection is functioning properly, you need to ensure your primary email in Teamstack is the same as your G Suite account email and then do the following steps:
- Assign the G Suite app to yourself in Teamstack.
- Open a new incognito window, log in to Teamstack and click on the G Suite icon on your Dashboard
- You now should be redirected to G Suite and logged in.
Users can now log into G Suite using SAML. To be able to log in, they need to have a G Suite account and the app needs to be assigned to the user in Teamstack.
- G Suite users with an Administrators account will always be able to log in via username and password into G Suite.