Step by step guide to configure Google Workspace as a SAML Identity Provider within Visma

Follow the steps below to configure  Google Suite as a SAML IdP within Visma. Keep the Authentication Settings open in your browser while you access your Google Suite in a new window or tab. You'll need to return to the Single Sign-On page to complete the configuration steps.

Prerequisites

• Google WorkSpace account with Admin rights

• All of your users under your account in Visma will need a pre-existing account in Google Workspace with exactly the same domain email address.

Configure Visma Single Sign-On to use Google Suite

1. Log into your  Google Admin page.

2. While in the Admin Console click on  Apps and then click on  Web and mobile apps.

3. At the top of the "Apps" table click the  Add App dropdown and select  Add custom SAML app. You'll be taken to a new page.

4. On the "Apps details" page type a name that will let you easily identify the provider. Click  CONTINUE.

   

5. The “Google Identity Provider details” page contains the information needed to configure Visma Single Sign-On. You can  Download the metadata now or later, after you finish the setup. Click  Continue. You will need the metadata to upload it into Authentication Settings section  3. Upload Google Workspace metadata into Visma.

   

6. While on the “Add custom SAML app” page copy:

• the  Entity ID from Authentication Settings and paste it into the  Entity ID field in Google.

• the  SAML Assertion Consumer from Authentication Settings and paste it into the  ACS URL field in Google.

7. Leave  Start URL empty.

8. Check the box next to  Signed Response.

9. Set  Name ID Format to EMAIL and click  CONTINUE.

   

10. On the “Attribute Mapping” click  ADD MAPPING two times. New rows will appear on the page.

    

11. Use the table below to add mappings onto the Google page from left to right for each row.

    

12. Click  FINISH. You’ll be taken to the application’s page in “Web and mobile apps”.

    

13. Download the metadata and upload it into Authentication Settings section  3. Upload Google Workspace metadata into Visma.

    

14. On the  Application page click the down arrow in the upper-right corner of “User access”. You’ll be taken to a new page.

15. Under “Service status” click ON for everyone and click SAVE.

    

16. Continue with your Advanced configuration in Authentication Settings and click  Save.

    

Testing Single Sign-On after Visma has made its configuration

1. To test SSO access either go to Google Apps in the right upper corner of the navigation bar( the dotted square) and choose your new application or go to you Visma MyDomain, e.g. https://example.my.connect.visma.com directly, and then click the Google Workspace button.