Google single sign-on (SSO) integration with Orchidea

In this tutorial, you'll learn how to set up SSO in Orchidea with Google as your identity provider (custom SAML app).

📌 This feature is available on Orchidea Professional and Enterprise plans.

Follow these steps to add a custom SAML app (SSO) in the Google Workspace admin portal.

  1. Click Web and mobile apps in the left-side navigation in Google Admin. Then, from the Add app menu, select Add custom SAML app.

  2. Fill in App name and Description, then click Continue.

  3. Download the metadata and click Continue.

  4. Enter the following details:
    1. Add "https://app.orchidea.dev/api/saml/login/" to ACS URL as a placeholder address. This will be changed later.
    2. Add "https://orchidea.dev" to Entity ID.
    3. Select the "Signed response" check box.
    4. Choose EMAIL as the Name ID format and click Continue.

  5. Click the Add mapping button three times to add the needed attribute mappings. Select the following Google directory attributes and enter the following text in the App attributes inputs:
    Primary email -> Email, First name -> First name, Last name -> Last name
    Click Finish.

  6. Navigate to Workspace settings by clicking the sprocket icon in the top-right corner of Orchidea.
  7. Click Authentication in the left-side navigation. Then, click + Add new IDP.

  8. Add all the needed information:
    IDP name: e.g. Google.
    Click Select file and choose the metadata file that you downloaded earlier from Google.

    Write the following attribute names exactly like this:
    First name -> First name, Last name -> Last name, Email -> Email, User id -> Email


    Notice! (4)
    To ensure that new user accounts are automatically associated with this IDP upon their first login to Orchidea, enter the relevant email domains in the Automatic User Creation section. This will allow all users with matching email domains to be automatically linked to this IDP and required to use it for authentication.

    Click Submit to create the new IDP.
  9. Click the Copy reply URL button on the IDP you just created to copy the address to the clipboard.

  10. Go back to the Google Admin panel and click the down arrow in the Service provider details view.

    Modify the ACS URL by pasting the new value from the clipboard. You copied this value in step 9. Click Save.


  11. The final step is to change User access. Click the down arrow in the User access view.

    Modify the access and click Save.
  12. To test the integration, you can (1) bind the IDP to a chosen user by selecting the IDP for the user in the User management list view. If you are testing this yourself, it's recommended to also turn on Manual sign in (2). This ensures that you will not lose access to your workspace if the integration does not work for some reason.

    Sign out from Orchidea and sign back in using the IDP option during the login process.
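
To confirm during the test login that Google sends what steps 4 and 5 configured, the following added example (not part of Orchidea's or Google's own tooling) checks a base64 SAMLResponse value, as posted to the ACS URL, against this tutorial's settings. The function and sample names are assumptions, the sample responses are constructed, and the check covers configuration only: it does not verify the signature cryptographically.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
REQUIRED_ATTRS = {"Email", "First name", "Last name"}  # exact names from steps 5 and 8
ACS_PLACEHOLDER = "https://app.orchidea.dev/api/saml/login/"  # real value: reply URL from step 9


def check_response(saml_response_b64, acs_url, entity_id="https://orchidea.dev"):
    """Return a list of configuration problems (empty list = settings match)."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    problems = []
    if root.get("Destination") != acs_url:
        problems.append("Destination does not match the ACS URL")
    # With "Signed response" selected, ds:Signature sits directly under <Response>.
    if root.find("ds:Signature", NS) is None:
        problems.append("response is not signed")
    audience = root.findtext(".//a:Audience", default="", namespaces=NS)
    if audience.strip() != entity_id:
        problems.append("Audience does not match the Entity ID")
    name_id = root.find(".//a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("Name ID format is not EMAIL")
    names = {a.get("Name") for a in root.iterfind(".//a:Attribute", NS)}
    for missing in sorted(REQUIRED_ATTRS - names):
        problems.append(f"missing attribute: {missing}")
    return problems


def sample(attrs, signed=True, acs=ACS_PLACEHOLDER):
    """Build a constructed, minimal response for demonstration (not real Google output)."""
    sig = f'<ds:Signature xmlns:ds="{NS["ds"]}"/>' if signed else ""
    attr_xml = "".join(f'<a:Attribute Name="{n}"><a:AttributeValue>x'
                       f'</a:AttributeValue></a:Attribute>' for n in attrs)
    xml = (f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}" Destination="{acs}">'
           f'{sig}<a:Assertion><a:Subject><a:NameID Format="{EMAIL_FORMAT}">'
           f'user@example.com</a:NameID></a:Subject><a:Conditions><a:AudienceRestriction>'
           f'<a:Audience>https://orchidea.dev</a:Audience></a:AudienceRestriction>'
           f'</a:Conditions><a:AttributeStatement>{attr_xml}</a:AttributeStatement>'
           f'</a:Assertion></p:Response>')
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    print(check_response(sample(["Email", "First name", "Last name"]), ACS_PLACEHOLDER))
    print(check_response(sample(["Email", "First Name", "Last name"], signed=False), ACS_PLACEHOLDER))
```

The second sample shows the two mistakes this setup is most sensitive to: an attribute name that differs only in letter case, and the "Signed response" box left unchecked.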