Skip to main content

SAML with Google Workspace

This guide walks you through configuring SAML 2.0 SSO between Google Workspace and NetActuate.

Prerequisites

  • Super Admin access to your Google Workspace Admin Console
  • Admin access to the NetActuate portal
  • A verified domain in your NetActuate account

Step 1: Add a Custom SAML Application in Google Workspace

  1. Log in to the Google Workspace Admin Console.
  2. Navigate to Apps → Web and mobile apps.
  3. Click Add app → Add custom SAML app.
  4. Enter an application name (e.g., "NetActuate") and click Continue.

Step 2: Download Google IdP Metadata

  1. On the Google IdP details page, you will see the SSO URL, Entity ID, and certificate.
  2. Click Download Metadata to save the IdP metadata XML file.
  3. Click Continue.

Note: Keep this metadata file available. You will upload it to the NetActuate portal in a later step.

Step 3: Configure Service Provider Details

Enter the following values:

FieldValue
ACS URLhttps://portal.netactuate.com/saml/acs
Entity IDhttps://portal.netactuate.com/saml/metadata
Name ID FormatEMAIL
Name IDBasic Information > Primary email

Click Continue.

Step 4: Configure Attribute Mapping

Add the following attribute mappings:

Google Directory AttributeApp Attribute
Primary emailemail
First namefirstName
Last namelastName

Click Finish.

Step 5: Enable the Application

  1. On the application details page, click User access.
  2. Select ON for everyone (or configure for specific organizational units).
  3. Click Save.

Note: It can take up to 24 hours for changes to propagate across all Google Workspace users, though it typically takes effect within minutes.

Step 6: Configure NetActuate

  1. Log in to the NetActuate portal.
  2. Navigate to Account → Settings → SAML.
  3. Upload the metadata XML file you downloaded from Google Workspace.
  4. Click Save.

Step 7: Test the Integration

  1. Open a new incognito/private browser window.
  2. Navigate to the NetActuate portal login page.
  3. Select SSO Login and enter your Google Workspace email address.
  4. Verify that you are redirected to Google for authentication and returned to the NetActuate portal.

Troubleshooting

  • "App is not configured" error: Ensure the application is enabled for the user's organizational unit in Google Workspace.
  • Attribute mapping issues: Verify the attribute names match exactly (email, firstName, lastName).
  • Users not seeing the app: Check that the application is turned on for the correct organizational unit and allow time for propagation.

Need Help?

If you run into issues, contact NetActuate Support.