How can we help?
Table of Contents
< All Topics

Google workspaces SAML Authentication with Cognito

There are two major steps in setting up Google Workspace SAML authentication.

  1. Create Groups

  2. Setup SAML application.

These two steps require the user to login to Google Workspace as an admin user

  • Create Groups

PaladinCloud has 4 roles

  • AccountManager

  • ReadOnly

  • TechnicalAdmin

  • SecurityAdmin

Need to create 4 Groups as shown below.

Directory – – > groups – – > create group

screenshot of group details

Click next and choose public and anyone in the organization can join and click on Create group

screenshot of the access type settings

  • Create SAML App

Note: ACS and entity ID are provided by PaladinCloud. These parameters will be used in Step 4 of creating SAML app.

Step 1:-

Apps –> web and mobile apps – – > Add app – – > Add custom SAML app

Admin > Add App screenshot

Step 2:-

Fill in the app details

App details screenshot

Step 3:-

In this step download the METADATAFILE to be provided to the PaladinCloud Team

Download Metadata screenshot

Step 4:-

Update ACS and entity ID which is provided by PaladinCloud Team.

Service provider details screenshot

Step 5:-

Update App attributes and the groups as shown below

SAML attribute matching screenshot
  1. Primary email (

  2. First name (

  3. Last Name

Google Groups:-

  • AccountManager

  • ReadOnly

  • TechnicalAdmin

  • SecurityAdmin

App attributes for the group is (

Once the above values are updated click on FINISH

Step 6:-

Click on user access in service status and select ON for everyone as shown in the below diagram

User access in service status screenshot

Screenshot of ON for everyone selected

Once the above steps click on Save

This would complete the Setup for SSO and can be tested once the Paladin Cloud team installs the Metadata file on their side.