Enable Google Workspace SSO

There are four steps to set-up the Google Workspace (formerly G Suite) SSO connection:

1. Set-up Google Workspace application.
2. Provide metadata to CheckFlow.
3. Enable the application for users.
4. Verify Google SSO is working with CheckFlow.

 

Contact Us

Please contact us prior to starting Step 1.

We will need to manually generate your Entity ID and ACS URL.

Step 1: Set-up Google Workspace application

1. Login to your Google Admin console and go to Apps > Web and mobile apps.
2. Click the Add App dropdown menu and select Add custom SAML app.
3. On the App Details page, enter CheckFlow as the App name. You can optionally upload an icon. Then click Continue.

 

 

4. You will now see the Google Identity Provider details page.

Important: Please download the IDP metadata file or copy the SSO URL and Entity ID and save them for Step 2.

5. Click Continue to proceed to the Service Provider Details page. Enter the following information:

• ACS URL: Provided by CheckFlow
  • Example: https://yourcompanyname.checkflow.io/Saml/AssertionConsumerService
• Entity ID: Provided by CheckFlow
  • Example: urn:auth0:checkflow-prod:yourcompanyname.checkflow.io
• Name ID format: EMAIL
• Name ID: Basic Information > Primary email

 

 

6. Click Continue to proceed to the Attribute Mapping page.
7. Click Add Mapping to create the following attributes:

• email
  • Google Directory attributes: Basic Information > Primary email
  • App attributes: email
• firstName
  • Google Directory attributes: Basic Information > First Name
  • App attributes: firstName
• lastName
  • Google Directory attributes: Basic Information > Last Name
  • App attributes: lastName
• role (optional)
  • Google Directory attributes: Map this to a custom attribute if you have one for user roles.
  • App attributes: role
• timeZone (optional)
  • Google Directory attributes: Map this to a custom attribute if you store user time zones.
  • App attributes: timeZone

 

Optional Attributes

The role and timeZone attributes are optional. These properties can easily be changed within the 'Team Management' and 'User Settings' pages in CheckFlow at any time.

 

8. Click Finish.

Step 2: Provide metadata to CheckFlow

The identity provider metadata allows for dynamic configuration. This simplifies the SAML setup process.

1. If you did not download the metadata in Step 1, go to your CheckFlow app in the Google Admin console.
2. Click on Download Metadata.
3. Send the IDP metadata file (XML) or the SSO URL and Entity ID to us. We will then add this to your account.

 

Step 3: Enable the application for users

1. From your Google Admin console, go to Apps > Web and mobile apps.
2. Select the CheckFlow app.
3. Click on User access.
4. To turn the service on for everyone in your organization, click ON for everyone and then click Save.
5. Alternatively, you can turn the service on for specific Groups or Organizational Units using the menu on the left.

 

 

Step 4: Verify Google SSO is working with CheckFlow

All users that have been assigned to your newly created Google application should now be able to access CheckFlow using Google SSO.

New user accounts are created the first time a user logs in to CheckFlow.

Simply open a new tab in your browser and access CheckFlow using your custom URL.

For example: https://yourcompanyname.checkflow.io/