Google Workspace
Set up SSO with Google Workspace
Requirements
- Your organization must use Google Workspace for authentication.
- You need an Admin role.
Just-in-Time (JIT) Provision
With SAML integration, users created on your end can log in to Kubit immediately, provided they are in a group with access. User profiles update automatically at each login. If a user is deleted or deactivated, they lose access to Kubit instantly, with no offline communication needed.
Configure SAML App
1. Open Google Workspace Admin Console
Log in to the Google Workspace admin console and navigate to Apps > Web and mobile apps.
2. Add a SAML App
Select Add app and choose Add custom SAML app.
3. Configure App Details
On the App details screen, name the app Kubit. Download the Kubit logo from the provided URL and upload it as the app icon.
4. Share the Metadata File
In the Google Identity Provider details step, click DOWNLOAD METADATA and share the file with the Kubit Team.
5. Service Provider Details
Use the provided ACS URL and Entity ID from Kubit in the Service provider details step.
6. Attributes Mapping
Map attributes as follows:
| Google Directory Attributes | App Attributes |
|---|---|
| Primary email | |
| First name | given_name |
| Last name | family_name |
| First name | name |
Roles and Permissions
Manage permissions on the Kubit platform using IdP groups by mapping thegroupsattribute. This step is essential for using groups for permission management.
7. Test
After configuration, collaborate with the Kubit Team to test the integration. A test URL will be provided.
8. Open Access
You can enable the Kubit App for everyone or a specific group.
IdP-Initiated Login
For security reasons, Kubit does not support IdP-Initiated SSO. Users must initiate login from the Kubit website (SP-Initiated). Clicking the Kubit App logo on the Google Workspace Dashboard will not work, and there is no known method to hide the logo.
References
Updated 4 days ago