Saltar al contenido principal

Google Workspace (SAML)

This guide configures Casdoor as a SAML identity provider for Google Workspace single sign-on.

Add a certificate in Casdoor

Create an X.509 certificate with RSA in Casdoor and download it.

Agregar cert

Configure the SAML application in Casdoor

  1. On the application edit page, select the certificate and add your Google domain (e.g. google.com) to Redirect URLs.
  2. Set SAML reply URL to https://www.google.com/a/<your-domain>/acs. See SSO assertion requirements for the ACS URL.
  3. Copy the Sign-in page URL for the next step.

Seleccionar cert y agregar URLs de redirección Enter the SAML reply URL field Copia la URL de la página de inicio de sesión

Add third-party SAML IdP in Google Workspace

  1. In Google Workspace AdminSecurityOverview, find SSO with third-party IdP.
  2. Click Add SSO profile and enable Set up SSO with third-party identity provider.
  3. Paste the Casdoor sign-in page URL into Sign-in page URL and Sign-out page URL.
  4. Upload the certificate you downloaded from Casdoor and save.

Configurar Google Workspace

Test with a user

  1. In Google Workspace, create a user (e.g. username test).
  2. In Casdoor, create a user with the same username in the correct organization and set their email.

Agregar un usuario en Google Workspace Agregar un usuario en Casdoor

Sign-in flow: open the Google app (e.g. google.com) → sign in with the user’s email → redirect to Casdoor → enter Casdoor credentials → redirect back to Google when successful.

Resultado final