ScreenSteps Help

How to Set up Single Sign-on with Google Workspace

Updated on

Workflows are not supported in your browser.
Please use a recent version of Chrome, Edge, Firefox or Safari to display this page.

Prepare for SSO Configuration

  • Ensure you have:
    • Google Workspace: Google Workspace Super Admin or an admin with privileges to manage SAML apps/administrator credentials
    • ScreenSteps: Account Admin
    • ScreenSteps SSO-enabled subscription

Add a Group in ScreenSteps

  1. Sign in to ScreenSteps as an Account Admin

    If you are not an Administrator, reach out to your ScreenSteps contact to create a user account that is an Account Admin.

  2. Go to Account Settings 
  3. Click Groups
  4. Create group
  5. Name the group > Create

    You can call it SSO Authorization or something similar.

Add Group to Site

  1. Navigate to Site's Permissions
  2. Click Add group
  3. Select Group > Assign Permission level to View

Configure Identity Provider in ScreenSteps

  1. Click Site Management
  2. Click Configure in Admin Tab

    You are going to configure the Login method.

  3. Select SAML as the identity provider
  4. Type CHANGE > Click Change

Copy the SAML Consumer URL and Entity ID for later use

  1. Click Configuration Tab
  2. Copy SAML consumer URL

    Scroll down the page and copy the SAML consumer URL > paste it to a text editor (you will use this later).

  3. Copy Entity ID

    Copy the Entity ID > paste it to a text editor (you will use this later).

Add a service/App to your domain

  1. Click Apps in your Google Admin console
  2. Click SAML apps
  3. Click "Add a service/App to your domain"

Configure ScreenSteps SSO (SAML)

  1. Click "Setup My Own Custom App"
  2. 2. Copy URL and Download Certificate

    From the Google IdP Information screen do the following:

    1. Copy the SSO URL to the clipboard.

    2. Click the Download button next to Certificate to download a PEM file. You will upload this file to ScreenSteps in just moment.

Configure the Remote Login URL

  1. Paste the URL that you copied from the Google IdP Information browser window.
  2. Upload the SAML Certificate

    Upload the SAML file that you downloaded previously in Google Apps.

    Click on the Certificate tab and then click on the the Upload Certificate file button. You will be prompted to select a file. Select the .pem file you downloaded from Google. The file should start with GoogleIDPCertificate-.

  3. Select the group

    Select the group you created earlier so that when a new user is added to ScreenSteps via SSO, they will automatically be added to this group.

Add ScreenSteps service provider details to the Google Workspace SAML app

  1. Navigate back to Google and click Next

    Return to the Google browser window and click the Next button.

  2. Enter ScreenSteps as the Application Name then click "Next"
  3. Confirm

    1. Confirm Application Name says ScreenSteps

    2. Click Next

Enter Service Provider Details

  1. In the Google Admin console, open your ScreenSteps custom SAML app 
  2. Go to the Service provider details step (or edit the app to update these values).
  3. Enter the following values:
    • ACS URL: what you previously copied from ScreenSteps
    • Entity ID (SP Entity ID / Identifier): what you previously copied from ScreenSteps
    • Start URL: Leave Blank
    • Name ID format: EMAIL

  4. Set the Name ID to Basic information and Primary Email.

Finish Setting up SSO in Google

  1. Click Finish

    You do not need to add any mappings. Click Finish.

  2. Click OK

Turn SAML app on in Google

  1. Turn ScreenSteps SAML app on

    Before you can test the SAML integration you will need to turn it on in Google Apps. From the settings page click on the menu to turn it on.

Test SSO Configuration

  1. Go to the Testing and Activation tab in ScreenSteps.
  2. Copy the SAML Test URL.
  1. Open an Incognito browser window and paste the URL.
  2. Sign in with the test user credentials.
  3. Verify access and user appearance in ScreenSteps.
Did the test work?

Activate Identity Provider

  1. From the Activation tab, check the Active box.
  2. Click Done.

 

Congratulations, you are done!
Previous Article How to update your certificate from Azure/Entra and add it to ScreenSteps
Next Article Adding a user to a group in Entra ID

Authentication (SSO, SCIM, SAML, Usernames, Passwords)

Passwords 1
Single Sign-on 8
Single Sign-on FAQs 4
Using ScreenSteps Remote Authentication with Atlassian Crowd 2

Other Resources