Setting up Google Workspace SSO
Availability: Enterprise Edition for users with Owner permissions
Google Workspace is one of the SAML integrations supported in the Enterprise Edition of Faros. This doc contains the setup steps for integrating Google Workspace with Faros in a SaaS deployment. This can include assigning Faros user roles through Google Workspace organizational units or groups.
Setup
- Setup a new custom SAML application in Google Workspace Admin panel (official guide). Name it
Faros
and use our logo (below).


Custom SAML application


Faros Logo
- Create a valid certificate and download the metadata xml file


- Start the setup in Faros to get the corresponding configuration. Open Faros in a new tab and navigate to your
profile
and click theSSO
option underWorkspace
(Faros Owner role required)




-
Select
Add New
and fill out form as follows:- Choose
SAML
for connection type - Note the ACS URL and Entity ID values. You will enter these in Google Workspace.
- Choose
-
Click
Automatic
and upload the metadataxml
file you downloaded from Google Workspace, or fill in the information manually:- Enter the SSO endpoint from Google Workspace used for authenticating
- Provide the public certificate found in Google Workspace.


Automatic Metadata upload
- Back in Google Workspace, enter the ACS URL and Entity ID. Make sure to leave the Start URL blank. Set Name ID type as Email and use Primary Email for the value.


- (Optional) Setup
Organizational unit path
asgroups
mapping. This would allow you to define a specific Faros role for each part of your organization. You can also add First name asfirstName
and Last namelastName
attributes respectively.
Alternatively, if you plan on using Google Workspace groups for Faros roles be sure to select the necessary
Google groups
and use groups as aApp attribute
name.


- Back in Faros, click
Proceed
and enter the domain of your emails. These will be the emails that can login to Faros via Google Workspace. Once you hit proceed you will be provided a TXT record. Add this to your DNS.


- Enter your default SSO roles. More information on roles here. Default SSO roles are given to all users added to your Faros app in Google Workspace, unless other roles are specified in the
Roles Groups Mapping
section (and you havegroups
attribute configured in Google Workspace SAML). Usually, you will want to put User as default role here; if you want your base user have Analyst capabilities, put both User and Analyst.
Setting up roles
Important: All roles must include the
User
role to get baseline functionality. For example an analyst should get both theUser
andAnalyst
roles.


Updated 20 days ago