GSuite SSO Setup for SWOOP (Workplace)

Preparation

This guide assumes you are using GSuite for access to Workplace. The process for SWOOP is similar to Workplace except we do not do directory synchronisation.

The starting point for this guide is that you are logged in as a the GSuite administrator:  (https://admin.google.com )

You will need a ACS URL that corresponds to your SWOOP instance in the following format:

https://<your name>.swoopanalytics.com/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp  

You will need an Entity ID URL:

https://<your name>.swoopanalytics.com/simplesaml/module.php/saml/sp/metadata.php/default-sp

You starting URL is:

https://<your name>.swoopanalytics.com

For convenience, you can copy/paste the URLS from here: ('urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' for ACS and 'EntityID'):

https://<your name>.swoopanalytics.com/simplesaml/module.php/saml/sp/metadata.php/default-sp?output=xhtml

(PS: It would be nice if GSuite read the meta data but it doesn't)

Replace '<your name>' with your SWOOP domain.

Setup

From the main GSuite administrator  ( https://admin.google.com ):

1. Click on the 'Apps (manage app and their settings)' and then 'SAML apps (Manage SSO and User Provisioning). 
2. Click on '+' to add a new App
3. Click on 'SET UP MY OWN CUSTOM APP' at the bottom.
4. Download the 'IDP metadata' file (send this to us).
5. Click 'NEXT'
6. Fill in this 'Basic information for your Custom App' as you like it and click 'NEXT'.
7. Fill in the ACS URL, Entity URL and Start URL as per above.
8. Set Name ID Format to EMAIL and click NEXT
9. Click next for the 'Attribute Mapping'

Here is what the configuration should look like: