Google Apps SSO via SAML

Setting up single sign-on (SSO) from Google Apps with the SAML protocol is quick and easy.  Currently, this option is available only for the LAT and AMS products.

  1. As the Google admin, log in to https://admin.google.com.
  2. Select Apps.
  3. Select SAML apps.
  4. Select the Add a service/App to your domain link or click the plus (+) icon in the bottom corner.
  5. Click Setup my own custom SAML App.
  6. The Google IDP Information window opens.  In Option 1, copy the SSO URL value onto a notepad.  You will need this value later when configuring the SAML portion in Taskstream.  Next, download the X.509 Certificate and then click Next.
  7. On the Basic information for your Custom App page, enter the following, then click Next:
    • Application Name - Enter Taskstream.
    • Description - Enter a description.
    • Upload Logo - You can attach the Taskstream logo file included in this help page.
  8. At this point, keep the Google window open, as you will return to it later to finalize the setup.  Next, locate the certificate file that you downloaded in step #6 and change its file extension from .pem to .cer.  You will need this file later to upload to Taskstream.
  9. Open another browser tab and log in to your Taskstream account.  You will also need System Admin access.  If you have neither, please contact support@watermarkinsights.com for access.  After logging in to the System Admin area, click Single Sign-On.
  10. Select SAML Connection.
    • SAML Integration Method - Select HTTP POST.
    • Error Notification Email - Enter an email address to receive any error notifications.
    • Idp URL - Paste the SSO URL from step #6 above.
    • Error URL - Add your own custom URL that tells the user whom to contact.  When the Taskstream integration cannot match the connecting user to an existing Taskstream account, it redirects to this URL.
    • Logout URL - Enter a URL to redirect to when a Taskstream user clicks the Logout button from Taskstream.
    • Metadata URL - Leave blank.
    • Use the Default SAML ID to Identify users - Select Yes.
    • Attribute Bindings
      • First Name - Enter "First".
      • Last Name - Enter "Last".
      • Email - Enter "Email".
    • CER Certificate file - Upload the X.509 .cer file from step #8 above.
    • Click Continue and then Confirm.
  11. Back in the Manage Single Sign-On page, highlight the newly created SAML record.  Copy the ACS URL, SP Initiated URL and Entity ID values, as you will need them to complete the Google SAML setup.
  12. Now go back to the Google SAML setup window.  You should be on the Service Provider Details window.  Enter the following fields, then select Next.
    • ACS URL - Paste the ACS URL from step #11.
    • Entity ID - Paste the Entity ID from step #11.
    • Start URL - Paste the SP Initiated URL from step #11.
    • Signed Response - Leave the box unchecked.
    • Name ID - Select Basic Information and Primary Email.
    • Name ID Format - Select Transient.
  13. In the Attribute Mapping window:
    • Click Add New Mapping and type in Email.  This name is case sensitive and must exactly match the casing of the Email attribute binding in step #10.  Select Basic Information and Primary Email.
    • Click Add New Mapping and type in First.  This name is case sensitive and must exactly match the casing of the First Name attribute binding in step #10.  Select Basic Information and First Name.
    • Click Add New Mapping and type in Last.  This name is case sensitive and must exactly match the casing of the Last Name attribute binding in step #10.  Select Basic Information and Last Name.
    • Click Finish.
  14. You are done setting up SAML for Google Apps.  You can enable the SAML component by changing the status accordingly.
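
Because the attribute names in step #13 must match the bindings in step #10 exactly, a mismatch is easiest to spot in the SAML response itself. The following is an added example, not Watermark's or Google's code: it inspects a base64 SAMLResponse form value (as posted to the ACS URL with the HTTP POST method) and reports routing and attribute-name problems. The URLs and the sample response are constructed placeholders, and the function names are hypothetical.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EXPECTED = ("First", "Last", "Email")  # bindings from step #10, case sensitive
# Constructed placeholders; use the ACS URL and Entity ID copied in step #11.
ACS = "https://sp.example.test/acs"
ENTITY = "https://sp.example.test/entity"

def check_response(b64_response, acs_url, entity_id):
    """List configuration problems in a captured SAMLResponse form value.
    Checks routing and attribute names only; it does not verify the signature."""
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    if root.get("Destination") != acs_url:
        problems.append("Destination does not match the ACS URL")
    audiences = [(a.text or "").strip() for a in root.findall(".//saml:Audience", NS)]
    if entity_id not in audiences:
        problems.append("Audience does not match the Entity ID")
    names = [a.get("Name") for a in root.findall(".//saml:Attribute", NS)]
    for want in EXPECTED:
        if want in names:
            continue
        # Same letters, different casing: the most common mapping mistake.
        near = [n for n in names if n and n.lower() == want.lower()]
        if near:
            problems.append(f"attribute {near[0]!r} differs in case from {want!r}")
        else:
            problems.append(f"attribute {want!r} is missing")
    return problems

def build_sample(attr_names, dest=ACS, audience=ENTITY):
    """Constructed, unsigned sample response (not real Google output)."""
    attrs = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>x</saml:AttributeValue>'
        f'</saml:Attribute>' for n in attr_names)
    xml = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
           f'Destination="{dest}"><saml:Assertion><saml:Conditions>'
           f'<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>'
           f'</saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement>'
           f'{attrs}</saml:AttributeStatement></saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    # "email" was typed in lowercase in the Google mapping: reported as a case mismatch.
    for line in check_response(build_sample(["First", "Last", "email"]), ACS, ENTITY):
        print(line)
```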
