These instructions are for reference only. Company-specific security policies and best practices should be considered when implementing a SAML integration. These instructions cover the configuration of SAML on the IdP's side and contain IdP-specific details.
This article details how to set up an application in Google Workspace for an SSO setup with Haiilo.
The general instructions for setting up SSO on Haiilo can be found in the Setting up Single Sign On on Haiilo article. Please follow those instructions for the Haiilo part of the setup.
Set up an application on Google Workspace
You need admin rights in your Google Workspace account to create an app.
Create the app
- Log in to the Google Admin Platform.
- Go to Apps > Web and mobile apps > Add app > Add custom SAML app
- Give your app a name, e.g., Haiilo, and upload an app icon
- Select Continue
- Select Download metadata to download the app's metadata. You will need this later to set up the integration in Haiilo.
- Select Continue
Define the basic configuration
- Open the metadata file you downloaded from Haiilo. More information in Setting up Single Sign On on Haiilo.
- In the metadata file, you will find the Entity ID and ACS URL to copy-paste into Google.
- Select Continue
Edit the claim mappings
- Select Add mapping
- Choose Primary email as the Google directory attribute and enter EmailAddress as the App attribute. This attribute is required for the SAML integration to work.
- Optionally, you can add additional attributes. The supported attributes are listed in Setting up Single Sign On on Haiilo.
- Select Finish
This is what the claim mapping should look like:
Assign users to the application
To ensure that your users can log in to Haiilo using SSO, they must be assigned to the application in Google Admin. You can assign all users during the setup process or at a later time closer to your launch date. However, during setup, you must assign at least one Company Admin who will complete the SSO setup in Haiilo.
- Select User access
- Select On for everyone or restrict access to a certain unit or group
- Select Save
Then, go back to Haiilo and finish setting up the connection. Instructions can be found in Setting up Single Sign On on Haiilo.