All Collections
Team and Company
Enabling Single Sign-On (SSO) from G Suite (Google Apps)

Enabling Single Sign-On (SSO) from G Suite (Google Apps)

Nate Vogels avatar
Written by Nate Vogels
Updated over a week ago

These instructions are based on the G Suite Help Center guide for setting up custom SAML applications (https://support.google.com/a/answer/6087519?hl=en)

Single sign-on (SSO) lets users sign in to Zestful using their managed Google account credentials. The following assumes that you are an administrator for your Zestful account.

Step 1: Enable Zestful SSO support

  1. Contact support@zestful.com to have G Suite SSO enabled for your account. 
  2. Once enabled, log in to your Zestful account and go to Settings -> SAML (SSO) Settings. Copy the ACS URL from the SAML Configuration section.

Step 2: Get Google identity provider (IdP) information

  1. In a separate browser tab or window, sign in to your Google Admin console.
  2. From the Admin console Home page, go to Apps > SAML Apps.To see Apps on the Home page, you might have to click More controls at the bottom. 
  3. Click Add (+) at bottom right.
  4. Click Set up my own custom app at the bottom.The Google IDP Information window opens and the SSO URL and Entity ID fields automatically populate.
  5. Copy the SSO URL and Entity ID and download the Certificate.

Step 3: Set up Zestful as a SAML 2.0 service provider (SP)

  1. Switch back to the Zestful browser tab/window and enter information in the following fields on the SAML (SSO) Settings screen:
  2. Entity ID: the Entity ID you copied in Step 2.
  3. SSO Target URL: the SSO URL you copied in Step 2.
  4. Certificate:  the certificate you downloaded in Step 2 (open the certificate file in a text editor or similar and copy+paste the content into the corresponding field on the SAML (SSO) Settings screen).
  5. Click Save Changes.

Step 4: Finish SSO configuration in G Suite admin console

  1. In the SSO configuration wizard, click Next.
  2. In the Basic information window, enter Zestful as application name and an optional description.
  3. Click Next.
  4. In the Service Provider Details window, enter the information into the following fields:
  5. ACS URL: the ACS URL copied in Step 1
  6. Entity ID: “Zestful”
  7. Signed Response: checked
  8. Name ID: select “Basic Information” and “Primary Email”
  9. Name ID Format: select “EMAIL”
  10. Click Next.
  11. Click Add new mapping and create the following mappings:
  12. Application attribute “email”: category “Basic Information”, user field “Primary Email”
  13. Application attribute “first_name”: category “Basic Information”, user field “First Name”
  14. Application attribute “last_name”: category “Basic Information”, user field “LastName”
  15. Click Finish.

Step 5: Enable SSO for Zestful

  1. Sign in to your Google Admin console.
  2. From the Admin console Home page, go to Apps > SAML Apps.To see Apps on the Home page, you might have to click More controls at the bottom. 
  3. Select Zestful.
  4. At the top right of the gray box, click Edit Service .
  5. To apply settings to all organizations, click On for everyone or Off for everyone, and then click Save.
  6. Ensure that your user account email IDs match those in the domain for your Google service.

Step 6: Verify that SSO is working

  1. Close all browser windows.
  2. Open https://zestful.com/sign-in and attempt to sign in. You should be automatically redirected to the Google sign in page.
  3. Enter your sign in credentials.
  4. After your sign in credentials are authenticated, you are automatically redirected back to Zestful.
Did this answer your question?