Google Workspace SAML and Single Sign On (SSO) Configuration¶
With SAML support, Observe supports using Google Workspace as an Identity Provider (IdP). Use the following instructions to configure Google Workspace parameters.
Configuring Google Workspace for SAML and SSO¶
Log into the Google Workspace Admin portal,
admin.google.com
, as a super administrator.

Figure 1 - Google Workspace App page
2. Navigate to Apps > Web and mobile apps, admin.google.com/ac/apps/unified
.
3. Select Add App > Add custom SAML app.
4. Enter Observe as the App name.
5. Download the Observe icon from https://s3-us-west-2.amazonaws.com/observeinc.com/assets/saml-icon.png
, and use it as the App icon.
Note
You cannot add or change the App icon after you configure SAML SSO.

Figure 2 - Google Workspace App Details
6. Choose Continue.
7. On the Google Identity Provider details page, click Continue.
8. Enter the following Service Provider Details:
ACS URL -
https://${CUSTOMER_ID}.observeinc.com/auth/saml2/callback
Entity ID -
https://${CUSTOMER_ID}.observeinc.com/auth/saml2/callback
Start URL -
https://${CUSTOMER_ID}.observeinc.com/
Signed Response -
check
Name ID format -
EMAIL
Name ID -
Basic Information > Primary email

Figure 3 - Service Provider Details
9. Click Continue.
10. To map attributes, click Add Mapping and use the following Google Directory attributes and App attributes:
Google Directory attribute |
App attributes |
---|---|
First name |
|
Last name |
|
Primary email |
|

Figure 4 - Google SAML Mapping Details
11. Click Finish, and review the Observe app page. By default, no users have access to the app.

Figure 5 - Observe App Details
12. Click User access, and add users to the Observe app.
13. On the Service provider details card, select Manage Certificates.
NOTE THE CERTIFICATE EXPIRATION DATE! If this is the first SAML app you’ve configured for Google Workspace, then Google provides you with a new certificate, valid for five years from today. If you have previously configured other SAML apps, the certificate may be an older one. Observe does not currently warn when the certificate expires. When this certificate expires, your SAML integration does not function. To allow the maximum time before expiration, choose ADD CERTIFICATE if the certificate expires in under three years.
Configuring Observe for Google Workspace SSO¶
Log into Observe using the URL,
https://${CUSTOMER_ID}.observeinc.com/settings/customer
.Copy the SSO URL from Google and paste it into the Entry Point field in Observe. The SSO URL has the format
https://accounts.google.com/o/saml2/idp?idpid=ACCT_ID
.Copy the certificate in Google and paste it into Observe’s Cert field.

Figure 6 - SAML Certificates

Figure 7 - Observe SAML Details
Click Add SAML Provider. The settings appear in the Customer Auth Details.
Testing the SAML Login from Google¶
Return to the Observe app configuration page on Google.
Click X to close the SAML Certificates panel.
Click Test SAML Login. If you added yourself as a user, then you log into Observe. If you did not add yourself as a user, the login successfully fails.
Now, when you return to the Observe Welcome page at https://${CUSTOMER_ID}.observeinc.com/
, a new button, Continue with SSO, appears on the page.

Figure 8 - Observe Login with Google SSO
Note
It can take a significant amount of time for Google to apply the configuration changes. Please allow up to 24 hrs for change propagation to complete.