Passer au contenu principal

Google Workspace (SAML)

This guide configures Casdoor as a SAML identity provider for Google Workspace single sign-on.

Add a certificate in Casdoor

Create an X.509 certificate with RSA in Casdoor and download it.

Ajouter un cert

Configure the SAML application in Casdoor

  1. On the application edit page, select the certificate and add your Google domain (e.g. google.com) to Redirect URLs.
  2. Set SAML reply URL to https://www.google.com/a/<your-domain>/acs. See SSO assertion requirements for the ACS URL.
  3. Copy the Sign-in page URL for the next step.

Sélectionnez le certificat et ajoutez des URL de redirection Enter the SAML reply URL field Copiez l&#39;URL de la page de connexion

Add third-party SAML IdP in Google Workspace

  1. In Google Workspace AdminSecurityOverview, find SSO with third-party IdP.
  2. Click Add SSO profile and enable Set up SSO with third-party identity provider.
  3. Paste the Casdoor sign-in page URL into Sign-in page URL and Sign-out page URL.
  4. Upload the certificate you downloaded from Casdoor and save.

Configurer Google Workspace

Test with a user

  1. In Google Workspace, create a user (e.g. username test).
  2. In Casdoor, create a user with the same username in the correct organization and set their email.

Ajouter un utilisateur dans Google Workspace Ajouter un utilisateur dans Casdoor

Sign-in flow: open the Google app (e.g. google.com) → sign in with the user’s email → redirect to Casdoor → enter Casdoor credentials → redirect back to Google when successful.

Résultat final