Google Workspace SAML integration

Google Workspace serving as an Identity Provider (IDP) can provide your users with single sign-on (SSO) access via Security Assertion Markup Language 2.0 Standard (SAML) to our Recorder and Video Editor under your team plan.  When Team users first authenticate via SAML and you have configured SAML to create users, we set up their dedicated hosting account as part of the Team Plan.

This article describes how to configure SAML SSO with Google Workspace serving as the IDP. 

Prerequisites 

  • Your organization must be using Google Workspace
  • You will need administrative permissions for Google Workspace
  • You must be using a ScreenPal Team Plan 
  • You will need administrative permissions for your Team Plan

Configuring SAML SSO with our app

1. Log in to Google Workspace as an Administrator.
2. In the Google Admin Console, click the Apps option in the menu and then click Web and mobile apps.

3. At the top of the Web and mobile apps page, click the Add app menu and select Add custom SAML app.

4. Under App details, enter an App name and upload an App icon if you like.
5. Click Continue.
6. Download the IDP Metadata file and save it to your computer by clicking Download Metadata.

7. Click Continue.
The Service provider details tab is displayed.

8. Keep this tab open, as you will return to it later to finish the configuration.  Go to ScreenPal and log in as the Team Owner or a Team Admin.
9. Click Settings in the menu on the left.
10. From the Settings area, click Authentication.

11. Under SAML Authentication, move the toggle to On.

Once enabled, you will see the additional settings needed to set up communication between our app and the Google Workspace identity provider.

12. Download the metadata XML file under SAML Service Provider Info (ScreenPal), and save it on your device for a future step.

13. Under Upload SAML Identity Provider (IDP) Metadata File, click Choose File and upload the Google IDP Metadata file you saved in step 6.

14. In the text box under Access URL, specify a unique access URL.
This is the URL your Team uses the first time they authenticate into ScreenPal.  When a user visits it, they are redirected to your organization's network login to sign in or, if they are already logged in to your network, they are signed into our app automatically.

15. If you intend to have your users enjoy the advanced features provided in hosting (including branded video player, content sharing, channel carousel, stock images and videos, and so forth), select the checkbox for Create users on ScreenPal using SAML for this Access URL.
The first time a user from your organization logs in via SAML, their hosting account will be set up so they can manage and share content.

16. Go back to the SAML Service Provider Info section and copy the Entity ID and ACS URL for use in the Google Admin Console.

17. Return to the Google Admin tab, and paste the ACS URL and Entity ID into their respective fields. 
Make sure to leave the default for Name ID set to Basic Information > Primary Email.

18. Click Continue.

19. If you selected Create users on ScreenPal using SAML for this Access URL in ScreenPal in step 15 above, in the Attributes section, click Add Mapping to map First and Last Name for your users. Otherwise, skip this step.

Add the following app attributes:
  • First Name (Basic Information) -> urn:oid:2.5.4.42
  • Last Name (Basic Information) -> urn:oid:2.5.4.4

When you're finished, it should look like this:

20. Click Finish.

21. You should see the following screen with the ScreenPal app you just installed.

22. Return to the ScreenPal Authentication settings and click Save Changes at the bottom of the page.
23. Click the Test Login link to make sure the login works.

That's it!  Now, when your users land on the team access page they will be prompted to log in via Google SSO.
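The setup above is a set of values that must agree with each other: the Entity ID and ACS URL copied from ScreenPal must match what the IdP puts into its responses, the Name ID must stay the primary email, and the two name attributes must arrive under the OIDs mapped in the attributes step. The script below is an added example, not ScreenPal's or Google's code, that parses an IdP metadata file of the shape Google lets you download and then checks a SAML response against it for exactly those fields. The metadata, the SP values and the response are constructed samples with placeholder IDs (`EXAMPLE-IDP-ID`, `sp.example.invalid`); the step number in one message refers to the numbered steps of this article. It only parses XML and does not verify the XML signature, which the service provider must do on every real response before trusting any of these fields.

```python
"""Cross-check the values exchanged in the SAML setup above.

Added example, not ScreenPal's or Google's code. Metadata, SP values and the
response are constructed samples with placeholder IDs. XML parsing only: the
signature is NOT verified here; the service provider must do that.
"""
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
# The two app attributes added in the mapping step (First/Last Name -> OIDs).
REQUIRED_ATTRIBUTES = {"urn:oid:2.5.4.42": "First Name", "urn:oid:2.5.4.4": "Last Name"}

# Placeholders standing in for the Entity ID and ACS URL copied from the
# SAML Service Provider Info section (constructed, not real ScreenPal values).
SP_ENTITY_ID = "https://sp.example.invalid/saml/metadata"
SP_ACS_URL = "https://sp.example.invalid/saml/acs"

# Constructed IdP metadata in the shape of the file downloaded from Google.
IDP_METADATA = """<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://accounts.google.com/o/saml2?idpid=EXAMPLE-IDP-ID">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIC...PLACEHOLDER...</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://accounts.google.com/o/saml2/idp?idpid=EXAMPLE-IDP-ID"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed, unsigned SAML response as the IdP would post it to the ACS URL.
SAML_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
    IssueInstant="2024-01-01T00:00:00Z" Destination="https://sp.example.invalid/saml/acs">
  <saml:Issuer>https://accounts.google.com/o/saml2?idpid=EXAMPLE-IDP-ID</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
    <saml:Issuer>https://accounts.google.com/o/saml2?idpid=EXAMPLE-IDP-ID</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.invalid</saml:NameID>
    </saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:10:00Z">
      <saml:AudienceRestriction><saml:Audience>https://sp.example.invalid/saml/metadata</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="urn:oid:2.5.4.42"><saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="urn:oid:2.5.4.4"><saml:AttributeValue>Example</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def parse_idp_metadata(xml_text):
    """Extract the fields the SP needs from the IdP metadata file."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    sso = idp.find("md:SingleSignOnService", NS)
    cert = idp.find("md:KeyDescriptor[@use='signing']//ds:X509Certificate", NS)
    return {
        "entity_id": root.get("entityID"),
        "sso_url": sso.get("Location") if sso is not None else None,
        "name_id_format": idp.findtext("md:NameIDFormat", default="", namespaces=NS).strip(),
        "signing_cert_present": cert is not None and bool((cert.text or "").strip()),
    }


def check_response(xml_text, idp, sp_entity_id, sp_acs_url):
    """Return the configuration problems found in a SAML response (empty list = consistent)."""
    problems = []
    root = ET.fromstring(xml_text)
    if root.get("Destination") != sp_acs_url:
        problems.append("Destination does not match the ACS URL pasted into Google")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no plain Assertion element (missing or encrypted)"]
    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != idp["entity_id"]:
        problems.append(f"Issuer {issuer!r} differs from metadata entityID {idp['entity_id']!r}")
    audience = assertion.findtext(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", default="", namespaces=NS).strip()
    if audience != sp_entity_id:
        problems.append("Audience does not match the Entity ID pasted into Google")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID is not an email address; keep Name ID at Basic Information > Primary Email")
    attrs = {a.get("Name"): (a.findtext("saml:AttributeValue", default="", namespaces=NS) or "").strip()
             for a in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS)}
    for oid, label in REQUIRED_ATTRIBUTES.items():
        if not attrs.get(oid):
            problems.append(f"missing or empty attribute {oid} ({label}); add the mapping in step 19")
    return problems


if __name__ == "__main__":
    idp_info = parse_idp_metadata(IDP_METADATA)
    print("IdP:", idp_info)
    print("problems:", check_response(SAML_RESPONSE, idp_info, SP_ENTITY_ID, SP_ACS_URL))
```

To use it against your own tenant, replace the two sample strings with the downloaded IdP metadata and a response captured from a Test Login in your own browser's developer tools, and put the real Entity ID and ACS URL into the two SP constants. An empty problem list means the pasted values, the Name ID format and the two name attributes all line up; a non-empty list points at the step to revisit.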

Frequently Asked Questions

Q: Are first and last names required to set up SAML authentication with ScreenPal? Can we just use the Name ID?
A: First and Last Name are required, as SAML requires setting up a user within the ScreenPal system.

Q: How do I get the First and Last Name (or the Given Name and Surname) to autopopulate?
A: If a user's name is not automatically populating as expected, ensure that the SAML claims sent by your identity provider use the correct attributes for the account identifier.  More information about these attributes and the order in which ScreenPal processes them can be found in our article titled Configure SAML to resolve unexpected name display.

Q: How often are user credentials revalidated?
A: With SAML enabled, users will be required to log in again after one month of usage.
