Google Workspace (SAML)
This guide configures Casdoor as a SAML identity provider for Google Workspace single sign-on.
Add a certificate in Casdoor
Create an X.509 certificate with RSA in Casdoor and download it.

Configure the SAML application in Casdoor
- On the application edit page, select the certificate and add your Google domain (e.g.
google.com) to Redirect URLs. - Set SAML reply URL to
https://www.google.com/a/<your-domain>/acs. See SSO assertion requirements for the ACS URL. - Copy the Sign-in page URL for the next step.

Add third-party SAML IdP in Google Workspace
- In Google Workspace Admin → Security → Overview, find SSO with third-party IdP.
- Click Add SSO profile and enable Set up SSO with third-party identity provider.
- Paste the Casdoor sign-in page URL into Sign-in page URL and Sign-out page URL.
- Upload the certificate you downloaded from Casdoor and save.
