Connecting Mosaic with Google SAML

Initial Setup with Google SAML

  1. On Google Workspace, navigate to AppsWeb and mobile apps
21182118
  1. Click on App appAdd custom SAML app
480480
  1. Enter a custom App name. You can also add an optional description and an optional app icon.
19401940
  1. On the Google Identity Provider details page, use Option 2: Copy the SSO URL, entity ID and certificate. You will need to copy over the SSO URL, Entity ID, and Certificate onto Mosaic in Step #6.
18161816

Setup SAML on Mosaic

  1. Go to Mosaic settingsSecuritySAML 2.0 Single Sign On

🚧

Please Note:

Only admins are able to access the Security tab on Mosaic settings

27162716
  1. On Mosaic’s SAML 2.0 Single Sign On menu, fill in:
  • Domain:
    • Domain associated with Google Workspace.

🚧

Please Note:

The email associated with the admin (who is setting up the SAML) must have the same domain as the one being inputted.

  • For example, if the admin uses an email [email protected], the only domain the admin could input is thisisdomain.com.
  • SSO URL:
    • SSO URL copied from Option 2: Copy the SSO URL, entity ID, and certificate in Step #4.
  • Certificate:
    • Certificate copied from Option 2: Copy the SSO URL, entity ID, and certificate in Step #4.
13081308

Back on the Google Identity Provider details page:

  1. Copy and paste the ACS URL and Entity ID from Mosaic’s SAML 2.0 Single Sign On menu to Google’s Service provider details section; all other fields can remain untouched.
18681868
  1. Next, configure attribute mapping between Google Directory and App as follows.
11341134
  • Upon successful setup, users will be able to see the custom SAML app in Google Workspace’s Web and mobile apps section.
15401540
  1. By default, access to the new custom SAML app is turned OFF for everyone on Google Workspace.
  • To make the app available, click on the new custom SAML app.
22482248
  • Click on User access and then click ON for everyone and SAVE.
22502250
  1. Next, go back to Mosaic and click Done
13081308
  • Upon successful activation, SAML 2.0 Single Sign On will have the following options:
17281728
  1. Next time a user with an email address belonging to the specified domain logs into Mosaic, they will be redirected to authenticate with Google the moment they click Next after inputting their email.
27282728