Skip to main content

Google Workspace - Single Sign On (Multi-Tenant)

Molly Hickey
  • Updated

This document provides guidelines on how to configure Workvivo to authenticate via Single Sign On (SSO) using Google G Suite as the identity provider (IdP) solution in a SAML2 SSO configuration. The information contained in this document is intended as a guideline only – there may be significant differences in any given G Suite configuration that require a different approach to be taken.

 

Please note: Ahead of setup, your Technical Consultant will need to know which team term will be directed to which SSO tenant. That is the logic we will use on our side to direct the user to the correct log-in screen.

 

1. Set up Workvivo as a Custom SAML App

The first step to configuring Workvivo in G Suite is to add it as a custom app.

 

Step 1

From the G Suite Admin console Home page, go to Apps and then SAML Apps.

Click Add + at the bottom right and the Step 1 screen appears.

Select "Setup My Own Custom App".

 

 

Step 2

Select Option 1 and send the following to your Workvivo point of contact:

  • SSO URL

  • Entity ID

  • Certificate

Download the certificate by clicking "Download".

Click "Next" to move to Step 3.

 

 

 

Step 3

Give the application a name (e.g. Workvivo).

Click "Next" to move to Step 4.

 

 

Step 4

Your Workvivo contact will provide you with the below information:

  • ACS URL: https://[companyname].workvivo[.com][.us][.me]/saml/acs-multi/[hashvalue]

  • Entity ID: https://[companyname].workvivo[.com][.us][.me]/saml/metadata-multi/[hashvalue]

  • Name ID: Basic Information, Primary Email

  • Name ID Format: Email

*Note - depending on whether your Workvivo instance is hosted on our EU, US, or UAE data center, make sure you enter the correct domain. It will either by workvivo.com, workvivo.us, or workvivo.me. The format may also differ if your organisation has configured a custom domain name for Workvivo. If you do not know your Workvivo domain name, please contact our support team at support@workvivo.com for assistance.

Click "Next" to move to Step 5.

 

 

Step 5

Create a new mapping for Email to Basic Information, Primary Email. Click "Finish".

 

 

2. Turn on SSO to the Workvivo App

The final step is to turn the app on for all employees.

 

From the Admin console Home page, go to Apps and then SAML Apps and select your new Workvivo SAML app.

Click "Edit Service" on the top right.

 

To apply settings for all users check the 'ON for everyone' radio button and then click "Save".

 

To apply settings to individual organisational units, select the relevant organisational unit that contains the users whose settings you want to change from the list on the left-hand side. To change the setting, select 'On' or 'Off'.

 

 

3. Complete the configuration on Workvivo

Please share the below information, or Metadata URL, with your Technical Consultant to complete configuration on our side:

  1. SSO URL
  2. Entity ID
  3. Certificate

Once we configure what we need to on our side, we can test logging in via SSO

Related articles