Google Workspace
Configure Single Sign-On (SSO) with Google Workspace to enable seamless authentication for your ept AI users using their existing Google Workspace credentials.
Back to Integrations Overview
Overview
The Google Workspace SSO integration enables your ept AI users to:
- Sign in using their existing Google Workspace credentials
- Access ept AI without creating separate accounts
- Benefit from Google's enterprise security and compliance features
- Use Google's multi-factor authentication (MFA) and security policies
This integration supports both SAML 2.0 and OAuth 2.0 authentication methods, providing flexibility for different deployment scenarios.
Prerequisites
Before setting up the Google Workspace SSO integration, ensure you have:
- Google Workspace: Active Google Workspace subscription
- Admin Access: Google Workspace administrator access
- ept AI Setup: Your ept AI instance configured and ready
- Domain Control: Ability to configure DNS records for your domain
Setup Instructions
Step 1: Configure SAML App in Google Workspace
-
Enable SAML in Google Workspace:
- Log into your Google Workspace admin console
- Navigate to Apps > Web and mobile apps
- Click "Add custom SAML app"
-
Configure Application Settings:
- App name: "ept AI"
- Description: "AI-powered chatbot platform"
- App logo: Upload ept AI logo (optional)
- Click "Continue"
-
Configure Service Provider Details:
- ACS URL:
https://your-ept-ai-domain.com/saml/acs - Entity ID:
https://your-ept-ai-domain.com/saml/metadata - Start URL:
https://your-ept-ai-domain.com - Click "Continue"
- ACS URL:
-
Configure Attribute Mapping: Map Google Workspace attributes to ept AI user properties:
Primary email -> email
First name -> firstName
Last name -> lastName
Groups -> groups -
Configure User Access:
- Choose which organizational units can access the app
- Configure user provisioning settings
- Set up group-based access if needed
Step 2: Configure ept AI for Google Workspace SSO
-
Access SSO Settings:
- Log into your ept AI admin dashboard
- Navigate to Configuration > Users > SSO Settings
- Click "Configure SSO"
- Select "Google Workspace" as the SSO provider
-
Configure SAML Settings:
SSO Provider: Google Workspace
Entity ID: https://your-ept-ai-domain.com/saml/metadata
ACS URL: https://your-ept-ai-domain.com/saml/acs
Signing Certificate: [Download from Google Workspace] -
Attribute Mapping: Configure how Google Workspace attributes map to ept AI user properties:
{
"attribute_mapping": {
"email": "Primary email",
"first_name": "First name",
"last_name": "Last name",
"groups": "Groups"
}
}
Step 3: Test and Activate SSO
-
Test Configuration:
- Use Google Workspace's built-in SAML testing
- Verify attribute mapping and user provisioning
- Test sign-in flow from Google Workspace to ept AI
-
Activate Integration:
- Enable SSO in ept AI admin settings
- Configure fallback authentication options
- Set up user provisioning rules
Configuration Options
Authentication Methods
- SAML 2.0: Full SAML 2.0 protocol support
- OAuth 2.0: Alternative authentication method
- Hybrid Mode: Support both SAML and OAuth
- Force Authentication: Require re-authentication for sensitive operations
User Provisioning
- Just-in-Time (JIT): Automatically create users on first sign-in
- Attribute Mapping: Map Google Workspace attributes to ept AI user properties
- Group Synchronization: Sync Google Workspace groups to ept AI roles
- User Updates: Automatically update user information from Google Workspace
Security Settings
- Certificate Management: Upload and manage SAML signing certificates
- Encryption: Enable SAML response encryption
- Audit Logging: Log all SSO authentication events
- Access Control: Configure IP restrictions and access policies
Use Cases
Enterprise Authentication
- Centralized Identity: Use existing Google Workspace accounts for ept AI access
- Security Compliance: Meet enterprise security and compliance requirements
- User Management: Leverage Google Workspace's user lifecycle management
- Access Control: Use Google Workspace policies for conditional access
Multi-Factor Authentication
- MFA Integration: Leverage Google Workspace's MFA capabilities
- Security Keys: Support hardware security keys
- Device Trust: Integrate with Google's device trust features
- Risk-Based Authentication: Use Google's risk-based policies
Group-Based Access
- Role Assignment: Automatically assign ept AI roles based on Google Workspace groups
- Department Access: Control access by organizational departments
- Project Teams: Manage access for project-specific teams
- Temporary Access: Use Google Workspace's time-based access policies
Best Practices
Security Configuration
- Certificate Management: Regularly rotate SAML signing certificates
- Attribute Security: Only request necessary user attributes
- Access Policies: Configure appropriate access policies in Google Workspace
- Audit Monitoring: Monitor SSO authentication logs regularly
User Experience
- Branding: Configure consistent branding across Google Workspace and ept AI
- Error Handling: Provide clear error messages for authentication issues
- Fallback Options: Configure fallback authentication methods
- User Training: Train users on the new sign-in process
Integration Management
- Testing: Regularly test the SSO integration
- Documentation: Maintain up-to-date configuration documentation
- Monitoring: Monitor integration health and performance
- Updates: Keep both Google Workspace and ept AI updated
Troubleshooting
Common Issues
Authentication Failures:
- Verify SAML certificate is valid and not expired
- Check attribute mapping configuration
- Verify ACS URL and Entity ID match exactly
- Review Google Workspace application configuration
User Provisioning Issues:
- Check attribute mapping in both Google Workspace and ept AI
- Verify user attributes are being sent correctly
- Review user creation and update rules
- Check group synchronization settings
Session Management:
- Verify session timeout configurations
- Check single logout (SLO) configuration
- Review browser cookie settings
- Test session renewal process
Getting Help
- Google Workspace Documentation: Google Workspace SAML Setup
- SAML Testing: SAML Tracer browser extension
- Support: Contact support@ept.ai for integration assistance
Related Resources
-
Users - Manage user access and permissions
-
Google Chat Integration - Google Chat platform integration
-
Okta Workforce Integration - Alternative enterprise SSO option