How To Set Up Your Own Google App (SAML)

Step 1

Log in to the Google Admin Console:

Step 2

  • Click on Apps.
  • On the Apps Settings page, click on SAML apps.
  • Click on the yellow + button at the bottom right of the screen to create a new SAML App.

Step 3

Choose Setup my own custom App.

Step 3

Step 4

  • In the dialog that appears, complete Option 2 to download the IDP metadata, and keep this for the LogonLabs setup below.
  • Note: The X.509 Certificate will expire in 5 years. Set a reminder for yourself to generate a new Certificate before it expires. If the Certificate expires, your users will no longer be able to log in with the provider
  • Click Next.

Step 5

  • For Application Name, please enter your organization’s name
  • For Description, enter a description of your App.
  • Click Next.

Step 6

  • For ACS URL, enter the following:

  • For Entity ID, choose a unique name
  • Leave Start URL blank
  • Click Next.
Step 6

Step 7

Under Attribute Statements, add the following entries (case sensitive):

  • Add email, and choose the value Primary Email from Basic Information
  • Add first_name, and choose the value First Name from Basic Information
  • Add last_name, and choose the value Last Name from Basic Information

Click Finish.

Step 7

Step 8

  • Your app information should now be displayed. Click Edit Service at the top right of the app information.
  • Set Service Status to ON for everyone.
  • Click Save.

Step 9

LogonLabs Setup:

  1. Go to
  2. Click Sign In and authenticate (or Sign Up make a new account and authenticate).
  3. Navigate to Default Rules (or Domain Rules and open/create a domain module).
  4. Click on the Google button under Enterprise Identity Providers.
  5. Click Add.
  6. Choose SAML for the protocol.
  7. Enter a name.
  8. Enter a description (optional).
  9. In the Login URL field, enter the SSO URL from the Google App.
  10. In the Entity ID field, enter the Entity ID that you set in Google above.
  11. In the X.509 Certificate field, enter the X.509 certificate from the Google App. Do not include the BEGIN and END tags.
  12. Click Add.
  13. Enable Google by clicking the new entry in the Google Identity Providers list.
Step 9