These instructions are based on the G Suite Help Center guide for setting up custom SAML applications (https://support.google.com/a/answer/6087519?hl=en).
Single sign-on (SSO) lets users sign in to Zestful using their managed Google account credentials. The following assumes that you are an administrator for your Zestful account.
Step 1: Enable Zestful SSO support
- Contact support@zestful.com to have G Suite SSO enabled for your account.
- Once enabled, log in to your Zestful account and go to Settings -> SAML (SSO) Settings. Copy the ACS URL from the SAML Configuration section.
Step 2: Get Google identity provider (IdP) information
- In a separate browser tab or window, sign in to your Google Admin console.
- From the Admin console Home page, go to Apps > SAML Apps. To see Apps on the Home page, you might have to click More controls at the bottom.
- Click Add (+) at bottom right.
- Click Set up my own custom app at the bottom. The Google IDP Information window opens and the SSO URL and Entity ID fields automatically populate.
- Copy the SSO URL and Entity ID and download the Certificate.
Step 3: Set up Zestful as a SAML 2.0 service provider (SP)
- Switch back to the Zestful browser tab/window and enter information in the following fields on the SAML (SSO) Settings screen:
  - Entity ID: the Entity ID you copied in Step 2.
  - SSO Target URL: the SSO URL you copied in Step 2.
  - Certificate: the certificate you downloaded in Step 2 (open the certificate file in a text editor or similar and copy+paste the content into the corresponding field on the SAML (SSO) Settings screen).
- Click Save Changes.
Step 4: Finish SSO configuration in G Suite admin console
- In the SSO configuration wizard, click Next.
- In the Basic information window, enter Zestful as application name and an optional description.
- Click Next.
- In the Service Provider Details window, enter the information into the following fields:
  - ACS URL: the ACS URL copied in Step 1
  - Entity ID: “Zestful”
  - Signed Response: checked
  - Name ID: select “Basic Information” and “Primary Email”
  - Name ID Format: select “EMAIL”
- Click Next.
- Click Add new mapping and create the following mappings:
  - Application attribute “email”: category “Basic Information”, user field “Primary Email”
  - Application attribute “first_name”: category “Basic Information”, user field “First Name”
  - Application attribute “last_name”: category “Basic Information”, user field “Last Name”
- Click Finish.
Step 5: Enable SSO for Zestful
- Sign in to your Google Admin console.
- From the Admin console Home page, go to Apps > SAML Apps. To see Apps on the Home page, you might have to click More controls at the bottom.
- Select Zestful.
- At the top right of the gray box, click Edit Service.
- To apply settings to all organizations, click On for everyone or Off for everyone, and then click Save.
- Ensure that your user account email IDs match those in the domain for your Google service.
Step 6: Verify that SSO is working
- Close all browser windows.
- Open https://zestful.com/sign-in and attempt to sign in. You should be automatically redirected to the Google sign in page.
- Enter your sign in credentials.
- After your sign in credentials are authenticated, you are automatically redirected back to Zestful.