Configuring SAML SSO for Google Workspace

To set up Crowdin Enterprise SAML SSO in your Google Workspace, follow the steps below.

Set up Crowdin Enterprise SAML app

  1. Open the Google Admin console using an administrator account.
  2. From the Admin console Home page, go to Apps > SAML apps.
  3. Click Addadd at the bottom right.
  4. Click Set up my own custom app. The Google IdP Information window opens and the SSO URL and Entity ID fields automatically populate.<div class="alert alert-info"> Note: This is the information you’ll need to specify in your Crowdin Enterprise Organization Settings > Authentication page > SAML.</div>

  5. Copy the SSO URL, Entity ID, and download the certificate.
  6. In a separate browser tab or window, log in to your Crowdin Enterprise Organization, open the Organization Settings > Authentication page, and click on SAML at the bottom of the Authentication methods list.
  7. Enter the information you copied in Step 5 (paste the SSO URL in the SAML SSO Endpoint field, Entity ID in the Identity Provider Issuer field, and drag and drop your certificate file to the Public Certificate field), click Save and then return to the Google Admin console.
  8. Click Next.
  9. In the Basic information window, add an application name (for example Crowdin Enterprise) and optionally add a description.
  10. (Optional) Upload a PNG or GIF file to serve as an icon for your Crowdin Enterprise SSO app. The icon image should be 256 pixels square. You can find the Crowdin icon on the Using the Crowdin Logo page.
  11. Click Next.
  12. In the Service Provider Details window, you need to enter an ACS URL, Entity ID, leave the Start URL empty, leave the Signed Response box cleared, and set the Name ID Format to PERSISTENT.
  13. Switch to your Crowdin Enterprise Organization Settings > Authentication > SAML where all the values for Step 12 could be found.
  14. Copy and paste the SAML SSO Endpoint in the ACS URL field, Service Provider Issuer in the Entity ID field in your Google Admin console, clear the Responses signed option, and click Save.
  15. Select SAML in the Authentication methods list so that your users could use it as the desired authentication method to log in to your Crowdin Enterprise organization from the login page.
  16. Switch to your Google Admin console and click Next.
  17. Click Finish on the Attribute Mapping page.
  18. In the Setting up SSO for Crowdin Enterprise window, click OK.

Enable Crowdin Enterprise SAML app

  1. From the Admin console Home page, go to Apps > SAML apps.
  2. Select your new Crowdin Enterprise SAML app.
  3. At the top right of the gray box, click Edit Service edit.
  4. To turn service on or off for everyone in your organization, click On for everyone or Off for everyone, and then click Save.
  5. To turn service on or off only for users in an organizational unit:
    a. On the left, select the organizational unit.
    b. Select On or Off and then click Save.

    Read more about the organizational structure of Google Workspace.

  6. To turn service on for a set of users across or within organizational units, select an access group. For details, go to turn on a service for a group.

  7. Ensure that the email addresses your users use to log in to the SAML app match the email addresses they use to log in to your Google domain.

    Note: Changes typically take effect in minutes, but can take up to 24 hours. For details, see How changes propagate to Google services.

Test SSO

  1. Open the single sign-on URL for your new Crowdin Enterprise SAML app by clicking on the Crowdin Enterprise in the Google apps menu. Crowdin Enterprise could be found in the app list along with Google Drive, Gmail, and others. You should be automatically redirected to the Google login page.
  2. Enter your login credentials. After your login credentials are authenticated, you’re automatically redirected to Crowdin Enterprise.

Hasznos volt ez a cikk?