# Google SAML SSO

### Introduction

Google SAML provides secure identity management and single sign-on to applications that you can add to your Google Workspace account. From Google Workspace, you and your users can log in and then access applications such as Paradime without having to log in to each application.

Organizations can use Google SAML 2.0 to connect Paradime to their Google Workspace instance. This page describes how to configure the Google SAML connection for Paradime.

### Creating a Google SAML Application

1. To connect your Google Workspace as an identity provider, you must create a SAML application. In your Google Admin Console, navigate to the Apps section.\
   Go to **Apps > Web and mobile apps**, and select **Add App > Add custom SAML app**.

   <div data-with-frame="true"><figure><img src="https://2337193041-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHET0AD04uHMgdeLAjptq%2Fuploads%2F3dj04eECi3qklrAgJIiO%2Fgsamlsso-apps-homepage.png?alt=media&#x26;token=5ca80992-7b26-42b5-a671-06831296ce35" alt=""><figcaption><p><em>Apps Home</em></p></figcaption></figure></div>

2. Enter your **App integration name** as Paradime.\
   Add the Paradime logo for the application. You can download it here: [Paradime Logo](https://paradime.notion.site/Icon-purple-90c6f9527e1e4195b95a6f4595e6f15c).

   <div data-with-frame="true"><figure><img src="https://2337193041-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHET0AD04uHMgdeLAjptq%2Fuploads%2FD7tizpT6NdtILfzlq5kQ%2Fgsamlsso-app-details.png?alt=media&#x26;token=5ee3a8c2-8516-4bc3-bdc4-e9278295ed6d" alt=""><figcaption><p><em>App Details</em></p></figcaption></figure></div>

   Select **Continue**.

3. In the **Google Identity Provider details** page, note the following information:

   * **SSO URL**
   * **Entity ID**
   * **Certificate** (download this file)

   You will need to share these details with Paradime Support. Select **Continue**.

   <div data-with-frame="true"><figure><img src="https://2337193041-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHET0AD04uHMgdeLAjptq%2Fuploads%2FmXfHU4MrJv5aJUGJTeU1%2Fgsamlsso-note-idp-details.png?alt=media&#x26;token=9e8be5d3-e15c-4f3d-bbaf-3b088894a6e4" alt=""><figcaption><p><em>IdP Details</em></p></figcaption></figure></div>

4. In the **Service Provider Details** section, enter the following details:

   * **ACS URL**: Enter the URL below based on the region where your Paradime account is hosted

     <table><thead><tr><th width="120.22265625">Region</th><th>ACS URL</th></tr></thead><tbody><tr><td>EU 🇪🇺</td><td><code>https://account.paradime.io/login/saml/callback</code></td></tr><tr><td>US 🇺🇸</td><td><code>https://account.us.paradime.io/login/saml/callback</code></td></tr></tbody></table>

   * **Entity ID**: `urn:account:paradime-io:samlp-<organization-name>` (Get the `<organization-name>` from Paradime Support)

   * **Name ID format**: Select **EMAIL**

   Select **Continue**.

   <div data-with-frame="true"><figure><img src="https://2337193041-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHET0AD04uHMgdeLAjptq%2Fuploads%2FMgiTesQugItfvHROAwit%2Fimage.png?alt=media&#x26;token=04ce3119-98a0-4251-956a-2eb083354aca" alt=""><figcaption></figcaption></figure></div>

5. In the **Attribute Mapping** section, configure the required attribute mappings:

   | Google Directory Attributes | App Attributes |
   | --------------------------- | -------------- |
   | First name                  | `given_name`   |
   | Last name                   | `family_name`  |
   | Primary email               | `email`        |

   Select **Finish**.

   <div data-with-frame="true"><figure><img src="https://2337193041-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHET0AD04uHMgdeLAjptq%2Fuploads%2FDX8e5ESclv6VXqEfk7ce%2Fgsamlsso-attribute-mapping.png?alt=media&#x26;token=da188377-f494-4af0-9a63-714dcb2af7e9" alt=""><figcaption><p><em>Attribute Mapping</em></p></figcaption></figure></div>

6. After creating the application, enable it for users in your organization.\
   Click on **User Access** and update the **Service Status** to **ON** for all users or relevant groups within your organization.

   <div data-with-frame="true"><figure><img src="https://2337193041-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHET0AD04uHMgdeLAjptq%2Fuploads%2FpDx33ZENv6cawaKmxDzR%2Fgsamlsso-user-access-2.png?alt=media&#x26;token=7d261189-64a3-41f6-8897-c01e1b432936" alt=""><figcaption><p><em>User Access</em></p></figcaption></figure></div>

{% hint style="danger" %}
Make sure you add the user groups who need access to Paradime in the **User Access** section and verify the Service Status is set to ON.
{% endhint %}

### Configuring Paradime to enable Google SAML SSO

Once the Google SAML application is configured, reach out to the Paradime team at <support@paradime.io> and share the following information via a password manager such as 1Password, Dashlane, or similar:

* **Entity ID** (from step 4 in the previous section)
* **IdP metadata** (In your Google Application, in the left panel, click "Download Metadata" and, under option 1, download the metadata XML file.)
* **Certificate file** (In your Google Application, in the left panel, click "Download Metadata" and, under option 2, download the certificate file.)
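
Before sharing the files, you can confirm that the metadata XML and the separately downloaded certificate describe the same IdP. The following is an added example, not Paradime's or Google's own tooling: it reads the Entity ID, SSO URL and signing certificate from SAML 2.0 IdP metadata and compares SHA-256 fingerprints, which you can also read back to support to confirm the right certificate arrived. The sample metadata, URLs and certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
CERT_PATH = "md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate"

def der_fingerprint(b64_text):
    """SHA-256 of the certificate's DER bytes; PEM armor and whitespace ignored."""
    body = re.sub(r"-----[A-Z ]+-----|\s+", "", b64_text)
    return hashlib.sha256(base64.b64decode(body, validate=True)).hexdigest()

def summarize_idp_metadata(xml_text):
    root = ET.fromstring(xml_text)  # file comes from your own Admin Console
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    certs = [der_fingerprint(c.text or "") for c in idp.findall(CERT_PATH, NS)]
    if not certs:
        raise ValueError("metadata carries no signing certificate")
    sso = {s.get("Binding", "").rsplit(":", 1)[-1]: s.get("Location", "")
           for s in idp.findall("md:SingleSignOnService", NS)}
    if not sso or not all(u.startswith("https://") for u in sso.values()):
        raise ValueError("SSO URL missing or not HTTPS")
    return {"entity_id": root.get("entityID"), "sso": sso, "cert_sha256": certs}

def cert_matches_metadata(pem_text, summary):
    """True when the separately downloaded certificate is the one in the metadata."""
    return der_fingerprint(pem_text) in summary["cert_sha256"]

# Constructed sample input (placeholder bytes, not a real certificate or IdP).
SAMPLE_B64 = base64.b64encode(b"constructed placeholder, not real X.509").decode()
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{SAMPLE_B64}\n-----END CERTIFICATE-----\n"
SAMPLE_XML = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example/saml2?idpid=PLACEHOLDER">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Location="https://idp.example/saml2/idp?idpid=PLACEHOLDER"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    info = summarize_idp_metadata(SAMPLE_XML)
    print(info, cert_matches_metadata(SAMPLE_PEM, info))
```

To check your own downloads, pass the contents of the metadata XML file and the certificate file in place of `SAMPLE_XML` and `SAMPLE_PEM`.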

The Paradime team will then create the SSO client and enable SSO for your company. Allow approximately 30 minutes for Google to apply the changes.

Once confirmed, during login, users in your company will see a **Continue with Google SAML** option.

{% hint style="success" %}
If you already have a Social login set up, Paradime will automatically link your accounts when you first sign in with the Google SAML option, and you can then use Google SAML SSO for all future logins.
{% endhint %}
