# Google SSO

{% hint style="success" %}
**Access Type**: Organization Settings - Editor

**Premium Feature**: SSO
{% endhint %}

Single Sign-On (SSO) is an authentication process that allows users to access multiple applications or systems with one set of login credentials. In this article, we will cover how to configure SSO using the SAML 2.0 standard protocol with Google.

* [Retrieve SSO SAML identifiers](#retrieve-sso-saml-identifiers)
* [Create Didomi console app in Google](#configure-didomi-console-app-in-google)
* [Retrieve Didomi console app metadata from Google](#retrieve-didomi-console-integration-metadata-from-google)
* [Add Didomi SSO SAML identifiers and attributes](#add-didomi-sso-saml-identifiers-and-attributes)
* [Add Google metadata](#add-google-metadata)
* [Test and complete SSO configuration](#test-and-complete-sso-configuration)
* [Enable Didomi console app SAML app in Google](#enable-didomi-console-app-saml-app-in-google)

***

### Retrieve SSO SAML identifiers

To start, your organization needs to retrieve the SSO SAML identifiers from the Didomi console to continue setup in your identity provider.

Click **My organization** and select **Single Sign-on** from the drop-down menu.

<figure><img src="/files/xYTfkcoJha4cIEPxiw4C" alt="" width="563"><figcaption></figcaption></figure>

Use the provided fields in the **Get your SSO SAML identifiers** step to record the following:

<table><thead><tr><th width="210">Identifier</th><th>Description</th></tr></thead><tbody><tr><td>Configured issuer</td><td>Your organization's identity provider's unique identifier within the Didomi console.</td></tr><tr><td>Login URL</td><td>Where the user will be redirected after a successful login on the identity provider.</td></tr></tbody></table>

<figure><img src="/files/KU7Dro2xkp0PIXD94avg" alt="" width="375"><figcaption></figcaption></figure>

Click **Continue** when finished.

### Create Didomi console app in Google

Before configuring SSO, your organization will need to add a Didomi console app in your Google account. While signed in to your Google Admin console from a super administrator account:

1. Navigate to **Apps > Web and mobile apps**.
2. Click **Add app**.
3. Select **Add custom SAML app**.
4. In **App name**, enter a name for your new application that is recognizable as being for the Didomi console (e.g. Didomi Console). This is where your organization will configure the SSO SAML.
5. Click **Continue**.

### Retrieve Didomi console app metadata from Google

The **Google Identity Provider** details page will provide your organization with the information that Didomi needs to configure SSO. Record the values for the following fields (collectively, Didomi refers to these values as metadata):

* SSO URL
* X.509 certificate

Click **Continue** when finished.

### Add Didomi SSO SAML identifiers and attributes

From the **Service Provider Details** window, input the Didomi SSO SAML identifiers in the appropriate provided fields:

<table><thead><tr><th width="347">Google field</th><th>Didomi SSO SAML identifier</th></tr></thead><tbody><tr><td>Assertion Consumer Service (ACS) URL</td><td>Login URL</td></tr><tr><td>Entity ID</td><td>Configured issuer</td></tr></tbody></table>

Additionally, set the following configuration for the following fields:

<table data-header-hidden><thead><tr><th width="254"></th><th></th></tr></thead><tbody><tr><td>Name ID format</td><td>Email</td></tr><tr><td>Name ID value</td><td>Basic information > Primary email</td></tr></tbody></table>

Under **Attribute mapping**, click **Add another mapping** to map additional attributes.

1. From **Google Directory attributes**, select **Primary Email**.
2. For **App attributes**: <http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress>
3. Click **Finish**.

### Add Google metadata

With the [metadata](#retrieve-didomi-console-app-metadata-from-google) from Google copied, navigate back to the SSO configuration within the Didomi console and input those values in the provided fields for the **Setup SSO settings** step.

<table><thead><tr><th width="299">Didomi metadata</th><th>Google values</th></tr></thead><tbody><tr><td>X509 certificate</td><td>X.509 certificate</td></tr><tr><td>Login URL</td><td>SSO URL</td></tr></tbody></table>

<figure><img src="/files/9RZkihrhnkCz3z17IuG4" alt="" width="375"><figcaption></figcaption></figure>

Click **Continue** when finished.

### Test and complete SSO configuration

Didomi will verify the identity provider metadata. When successful, utilize the **Domain(s)** field to add email domains to which the SAML authentication will be restricted (*i.e. only users whose emails have this domain will be allowed to log in with SSO SAML*).

{% hint style="warning" %}
For security, the domain added to the **Domain(s)** field must match the email domain of the user performing the configuration (e.g. `didomi.io` can only be added if the user adding it is signed into the Didomi console using an `@didomi.io` email address).

To add more than one domain, please contact the Didomi support team via chat or email at <support@didomi.io>.
{% endhint %}

<figure><img src="/files/ob57E1LLIGN3HtBqgZWS" alt="" width="563"><figcaption></figcaption></figure>

Click **Save settings**. Once enabled, it may take up to 24 hours for the configuration to be in effect.

### Enable Didomi console app SAML app in Google

Once the SSO configuration is complete and tested, your organization can manage access to the Didomi console by performing the following:

1. Navigate to **Apps > Web and mobile apps**.
2. Select the Didomi console app.
3. Click **User access**.

Follow Google's instructions on managing access.


