ACCESS > How to configure Google Suite for SAML and SSO
Note - in this article - there's some steps that can only be done by Tallyfy Support on our back-end. They're included here for full transparency.
General
In order to integrate Google Suite Suite SAML/SSO with your Tallyfy organization, you will need to:
- Set up and configure a Google Suite app with SAML support.
- Use the Google Suite app's settings to configure SAML on Tallyfy.
- Enable SAML for your organization on Tallyfy, to start SSO authorization and user provisioning.
Set up your own custom Google Suite SAML application for your Tallyfy organization
Preparing the new application
-
Sign in using an account with super-administrator privileges.
-
In your Admin console Home page, go to Apps > Web and mobile apps.
-
Choose
Add App
, then clickAdd custom SAML app
.
Configure SAML settings
On the App Details page:
- Choose a name for your app, and upload your logo, then click Continue.
On the Google Identity Provider details page, get the setup information needed by Tallyfy:
- Copy the SSO URL and Entity ID and download the Certificate, click Continue.
- In the Service Provider Details window, we will need to fill ACS URL, Entity ID for your custom app. These values are all provided by Tallyfy.
So, we will need to get the default SAML values from our organization in Tallyfy:
- Select our Organization's profile from the Support page.
- Scroll to Org Settings tab:
- Click on Add Configuration Details: Ignore the empty fields for now and scroll down to the existing default values.
- Now, we will fill the SAML settings in our G Suite app (the Service Provider Details window), using those values:
-
ACS URL: In this field, copy the value from SP ACS URL (Single Sign On URL). (number 1 in the screenshot above)
-
Entity ID: copy the value from SP Entity ID (Audience URI). (number 2 in the screenshot above)
-
Click Continue.
-
On the Attribute mapping page, click Add another mapping to map additional attributes. We will add three attributes just like the screenshot below:
-
Click
Finish
. -
Now you will need to make your app available for your users, Go to User Access > Service status and Select ON for everyone:
Configure SAML on Tallyfy:
-
Since you have an application ready, First we will get the SAML data needed to configure SAML on Tallyfy.
-
Get the data you copied from the Google Identity Provider details page in your SAML app.
-
We will use the values in the above page as SAML configs to integrate this app to our Tallyfy organization.
- Go back to our Tallyfy Support page where the SAML configs modal is still open, then we fill the values respectively, as shown in the screenshot below. This step is highly likely to be done by Tallyfy Support - so please provide the values to support (at) tallyfy (dot)
- After successfully saving the configs, you will need to enable SAML in this organization.
- Click on the toggle button next to Add Configuration Details:
Congratulations, now Single Sign-on and User Provisioning using Google Suite will be working for your organizations' users!
How to provision new members to Tallyfy using SSO
Go back to Tallyfy Support page and open the SAML configs modal, copy the Tallyfy login URL and share it with your users who have access to the G suite SAML app:
They can use this link to access Tallyfy, old users will just login, while new users will be added to your Tallyfy organization automatically.