Zum Hauptinhalt springen

Google Workspace (SAML)

This guide configures Casdoor as a SAML identity provider for Google Workspace single sign-on.

Add a certificate in Casdoor

Create an X.509 certificate with RSA in Casdoor and download it.

Zertifikat hinzufügen

Configure the SAML application in Casdoor

  1. On the application edit page, select the certificate and add your Google domain (e.g. google.com) to Redirect URLs.
  2. Set SAML reply URL to https://www.google.com/a/<your-domain>/acs. See SSO assertion requirements for the ACS URL.
  3. Copy the Sign-in page URL for the next step.

Zertifikat auswählen und Weiterleitungs-URLs hinzufügen Enter the SAML reply URL field Anmeldeseiten-URL kopieren

Add third-party SAML IdP in Google Workspace

  1. In Google Workspace AdminSecurityOverview, find SSO with third-party IdP.
  2. Click Add SSO profile and enable Set up SSO with third-party identity provider.
  3. Paste the Casdoor sign-in page URL into Sign-in page URL and Sign-out page URL.
  4. Upload the certificate you downloaded from Casdoor and save.

Google Workspace konfigurieren

Test with a user

  1. In Google Workspace, create a user (e.g. username test).
  2. In Casdoor, create a user with the same username in the correct organization and set their email.

Einen Benutzer in Google Workspace hinzufügen Einen Benutzer in Casdoor hinzufügen

Sign-in flow: open the Google app (e.g. google.com) → sign in with the user’s email → redirect to Casdoor → enter Casdoor credentials → redirect back to Google when successful.

Endergebnis