Google Workspace SAML integration

Google Workspace SAML integration

Google Workspace SAML integration 

Google Workspace serving as an Identity Provider (IDP) can provide your users with single sign-on (SSO) access via Security Assertion Markup Language 2.0 Standard (SAML) to our Recorder and Video Editor under your team plan.  When Team users first authenticate via SAML and you have configured SAML to create users, we set up their dedicated hosting account as part of the Team Plan.

This article describes how to configure SAML SSO with Google Workspace serving as the IDP. 

Prerequisites 

  • Your organization must be using Google Workspace
  • You will need administrative permissions for Google Workspace
  • You must be using a ScreenPal Team Plan 
  • You will need administrative permissions for your Team Plan

 

Configuring SAML SSO with our app

1. Login into Google Workspace as an Administrator.
2. In your Google Apps Administration Console, click the Apps option.

gsuiteadmin.png


3. In the Apps window, click SAML App.




4. Click the plus sign (+) option to add a new application.




5. Select Setup my Own Custom App.

gsuitesamlappsenablesso.png

6. Download the IDP Metadata file and save the file to your computer.  Click Next.

gsuitesamlappdownloadidpxml.png


7. Enter an application name and then click Next.




8. Keep the following tab open, as we will return to configure later:




9. Log into ScreenPal as a Team Owner or Admin, and click Settings in the menu on the left.
10. From the Settings area, click Authentication.



11. Under SAML Authentication, move the toggle to On.


Once enabled, you will see the additional settings needed to set up communication between our app and the ADFS identity provider.

12. Download the metadata XML file under SAML Service Provider Info (ScreenPal), and save it on your device for a future step.




13. Under Upload SAML Identity Provider (IDP) Metadata File, click Choose File and upload the Google Apps IDP Metadata file you saved in step 6.



14. In the text box under Access URL, specify a unique access URL. 
This URL will be used by your Team the first time they authenticate into ScreenPal.  When visiting this URL, the user will be redirected to your organization network login for sign-in or, if they are already logged into your network, they will be automatically signed into our app.



15. If you intend to have your users enjoy the advanced features provided in hosting (including branded video player, content sharing, channel carousel, stock images and videos, and so forth), select the checkbox for Create users on ScreenPal using SAML for this Access URL.
The first time a user from your organization logs in via SAML, their hosting account will be set up so they can manage and share content.



 
16. Go back to the SAML Service Provider Info section and copy the Entity ID and ACS URL for use in Google Apps.



17. Return to the Google Workspace tab or window, and paste the ACS URL and Entity ID into their respective fields. 
Make sure to leave the defaults for Name ID set to Basic Information and Primary Email.

gsuitesamlacsurlentityid2.png


18. If you selected Create users on ScreenPal using SAML for this Access URL above, add Attributes to map First and Last Name for users. Otherwise, skip this step.

urn:oid:2.5.4.42 -> First Name (Basic Information)
urn:oid:2.5.4.4 -> Last Name (Basic Information)



19. Click Finish.                     
                                                                 
gsuitesamlattributemapping.png


20. You should see the following screen with your installed app.



21. Return to the ScreenPal Authentication settings and click Save Changes.

22. Click the Test Login link to make sure the login works. 



You're all set!  Now when your users land on the team access page they will be prompted to login via Google SSO.

    • Related Articles

    • Set up our app with ADFS SSO (SAML) for your organization

      Set up our app with ADFS SSO (SAML) for your organization Active Directory Federation Services (ADFS) can provide your users with single sign-on (SSO) access via Security Assertion Markup Language 2.0 Standard (SAML) to your Team Plan. When Team ...
    • Install the ScreenPal Chrome extension for all Google Workspace users

      If you are a Google Workspace administrator for your team, you can install the ScreenPal Chrome extension for all your users. Before you begin In order to install the ScreenPal extension for your users, you will configure the following policies: 1. ...
    • Add ScreenPal as an app in Clever

      You can use Clever single sign-on (SSO) to enable your users to be securely authenticated into ScreenPal from their Clever Portal. Before you begin If you require SAML login for your users, you will first need to configure ScreenPal SAML ...
    • Set up ScreenPal in Classlink

      As an administrator, you can create a Classlink LaunchPad app for ScreenPal to make it easy for your team members to access the ScreenPal apps. Before you begin If you are requiring SAML login for your users, you will first need to configure ...
    • Use ScreenPal with Google Docs, Google Sheets, and Google Slides

      Google Docs, Google Slides and Google Sheets all allow you to insert comments into your project. You can use the ScreenPal Chrome extension to insert video comments into these areas. Quick, personalized video comments can be much more effective when ...