Google Configuration

Here is how to set up a SAML application in Google:
 

  1. Sign in to your Google Admin console using an administrator account.
  2. Click Apps > SAML apps.
  3. Click the plus (+) icon in the bottom corner.
  4. Click on SETUP MY OWN CUSTOM APP.
  5. The Google IDP Information window opens and the SSO URL and the Entity ID fields are automatically populated.
    Copy the Entity ID and the SSO URL field values, and download the IDP metadata (Option 2), so that you can paste them into the appropriate fields in Celoxis.
  6. After you have entered this information in Celoxis, come back to the admin console and click Next.
  7. In the Basic Information window, add an Application name and Description.
  8. Click Next.
  9. In the Service Provider Details window, add an ACS URL, an Entity ID, and a Start URL. This information is provided by Celoxis.
    • ACS URL: Copy this from the SSO tab in Celoxis.
    • Entity ID: Enter celoxis.com
    • Start URL: For SaaS, enter https://app.celoxis.com/psa/person.Login.do
                 For On-Premise, enter https://your_URL/person.Login.do

  10. Leave Signed Response unchecked.
  11. Under the Name ID, for Basic Information, select Primary Email.
  12. Under Name ID Format drop-down, pick EMAIL.
  13. Click on Next.
  14. Click Finish.

You now need to enable the app for your users. To do so:

  1. Go to Apps > SAML apps. Select the SAML app you created above.
  2. At the top of the gray box, click on Settings and choose On for everyone to turn on the service for all users (click again to confirm).

Common Errors

  1. Error message: Error: app_not_enabled_for_user
    Solution: You have not enabled the SAML app for your users. Follow the steps mentioned above to enable the app for everyone.
    The same error is shown if you are logged in to your Google account as a different user than the one set up for the IDP.

  2. Error message: Server Error : No company found with company code: XXXX
    Solution: The ACS URL you have entered in Google configuration is incorrect. Copy the correct URL from the ACS URL field under Single Sign-On tab in Celoxis.

  3. Error message: Invalid Request, no idpId in request URL or Destination param of the SAML request.
    Solution: The IDP URL you entered in Celoxis is incorrect. You need to copy this from your IDP and paste it in Celoxis.
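
A check for step 5 and for error 3 above, as an added example that is not part of the Celoxis or Google documentation: it reads the downloaded IDP metadata and compares it with the Entity ID and SSO URL pasted into Celoxis. The function names, the idpid value and the certificate bytes are constructed placeholders, and the check assumes the SSO URL carries an idpid query parameter, as the error message implies.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, parse_qs

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample in the shape of a downloaded IDP metadata file.
# The idpid value and the certificate bytes are placeholders, not real values.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://accounts.google.com/o/saml2?idpid=C0EXAMPLE">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data><ds:X509Certificate>Y29uc3RydWN0ZWQtcGxhY2Vob2xkZXI=</ds:X509Certificate></ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://accounts.google.com/o/saml2/idp?idpid=C0EXAMPLE"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def read_idp_metadata(xml_text):
    """Return the entity ID, SSO URLs and signing-cert fingerprint from IDP metadata."""
    root = ET.fromstring(xml_text)
    sso = [e.get("Location") for e in root.iterfind(".//md:SingleSignOnService", NS)]
    cert = root.findtext(".//ds:X509Certificate", default="", namespaces=NS)
    der = base64.b64decode("".join(cert.split()))  # strip line breaks before decoding
    return {"entity_id": root.get("entityID"),
            "sso_urls": sso,
            "cert_sha256": hashlib.sha256(der).hexdigest()}


def check_pasted_values(meta, pasted_entity_id, pasted_sso_url):
    """List mismatches between the values pasted into Celoxis and the metadata."""
    problems = []
    if pasted_entity_id != meta["entity_id"]:
        problems.append("Entity ID differs from the IDP metadata")
    if pasted_sso_url not in meta["sso_urls"]:
        problems.append("SSO URL differs from the IDP metadata")
    if "idpid" not in parse_qs(urlparse(pasted_sso_url).query):
        problems.append("SSO URL has no idpid parameter")
    return problems
```

An empty list from check_pasted_values means the pasted values match the metadata exactly; the certificate fingerprint can be compared with the certificate shown in the Google IDP Information window.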