Use Google Workspace for SSO authentication

Learn how to use Google Workspace for Single Sign-On (SSO) authentication with SAML 2.0 so members of your organization can sign in to Kobiton using their Google credentials.

Get Kobiton parameters

First, you’ll need to save a copy of your Kobiton SSO attributes so you can easily add them to your IdP later.

First, select your profile name and picture. Then select Settings.

Select your profile name and select Settings

Choose SSO Settings.

SSO settings page

From Basic configuration, copy the following values and save them to a note:

  • Entity ID (or Audience URL)

  • Reply (or SSO, or ACS) URL

Basic configuration step in SSO settings

From User attributes (or parameters), copy the following values and save them to a note:

  • email

  • firstName

  • lastName

  • phoneNumber

  • memberOf

User attributes or parameters step in SSO settings

Later you’ll finish configuring your Kobiton SSO settings so keep this browser window open.

Create IdP application

In the Google Admin console, and select Apps.

In Google Admin Console

In Apps, choose SAML apps.

Select SAML apps

Select the Add App dropdown, then select Add custom SAML app.

Select Add custom SAML app in the dropdown

In step 1, App details, enter a name for your application.

Enter a name for the app

Get IdP parameters and download certificate

In step 2, Google Identity Provider Details, copy the following values and save them to a note:

  • SSO URL

  • Entity ID

  • Certificate

  • SHA-256 fingerprint

Values in Google Identity Provider Details

Map parameters

In step 3, Service Provider Details, use your Kobiton SSO parameters from earlier to fill out the following fields:

  • ACS URL

  • Entity ID

  • Domain Key

Fill in ACS URL, Entity ID, Domain Key

Then in step 4, Add custom SAML app, create the following parameters:

Parameter 1

  • Google Directory attributes: Primary email

  • App attributes: email

Parameter 2

  • Google Directory attributes: First name

  • App attributes: firstName

Parameter 3

  • Google Directory attributes: Last name

  • App attributes: lastName

Parameter 4

  • Google Directory attributes: Phone number

  • App attributes: phone

Fill in parameters in Custom SAML

Add IdP parameters and certificate to Kobiton

Now, you’ll need to add your IdP parameters and certificate to your Kobiton organization. In your SSO Settings, scroll down to Set up at Kobiton side.

Scroll down to step Set up at Kobiton side

Add your IdP parameters and certificate to the following:

  • Identity provider issuer

  • Identity issuer URL

  • Identity provider sign in URL

  • Identity provider sign out URL

  • Identity provider certificate

Verify and save configuration

If you enable Enforce users to login to Kobiton only through SSO, you’ll also gain access to Specify Organization Access Restrictions with the ability to enable Pass role/team assignments to users in the SAML validations.

Choose the method that’s best for your organization.

The Specify Organization Access Restrictions step in SSO settings

After you’ve chosen a method, select Verify to test your SSO configuration.

If you received a successful response, select Save to complete your SSO configuration.