Setting up Google Workspace SSO
Availability: Enterprise Edition for users with Owner permissions
Google Workspace is one of the SAML integrations supported in the Enterprise Edition of Faros. This guide contains the setup steps for integrating Google Workspace with Faros in a SaaS deployment. This can include assigning Faros user roles through Google Workspace organizational units or groups.
Authentication: If your company email is hosted by Google (Gmail), you can always use Google's OAuth to log into Faros. This requires no additional set up and is available for all Faros editions.
Authorization: Enterprise customers can manage Faros users via Google Workspace by following the instructions in this document.
- Setup a new custom SAML application in Google Workspace Admin panel (official guide). Name it
Farosand use our logo (below).
- Create a valid certificate and download the metadata xml file
- In a separate browser window log in to Faros and then click on the profile icon in the top right corner of the window. Choose
Workspace Settingsoption from the drop down menu, then click the
Workspace(available to users with Faros
Add Newand fill out form as follows:
SAMLfor connection type
- Note the ACS URL and Entity ID values. You will enter these in Google Workspace.
Automaticand upload the metadata
xmlfile you downloaded from Google Workspace, or fill in the information manually:
- Enter the SSO endpoint from Google Workspace used for authenticating
- Provide the public certificate found in Google Workspace.
- Back in Google Workspace, enter the ACS URL and Entity ID. Make sure to leave the Start URL blank. Set Name ID type as Email and use Primary Email for the value.
- (Optional) Setup
Organizational unit pathas
groupsmapping. This would allow you to define a specific Faros role for each part of your organization. You can also add First name as
firstNameand Last name
Alternatively, if you plan on using Google Workspace groups for Faros roles be sure to select the necessary
Google groupsand use groups as a
- Back in Faros, click
Proceedand enter the domain of your emails. These will be the emails that can login to Faros via Google Workspace. Once you hit proceed you will be provided a TXT record. Add this to your DNS.
- Enter your default SSO roles. More information on roles here. Default SSO roles are given to all users added to your Faros app in Google Workspace, unless other roles are specified in the
Roles Groups Mappingsection (and you have
groupsattribute configured in Google Workspace SAML). Usually, you will want to put User as default role here; if you want your base user have Analyst capabilities, put both User and Analyst.
Setting up roles
Important: All roles must include the
Userrole to get baseline functionality. For example an analyst should get both the
Updated 6 months ago