All Categories > Integrations > How do I set up SSO access via Google Workspace?

How do I set up SSO access via Google Workspace?

This article shows you how to activate single sign-on via Google in TimeTac.


An initial step in connecting Google Workspace with TimeTac is creating and configuring a Google SAML application within your Google Workspace account. This application will be ‘in charge’ of communicating with our TimeTac system.


Prerequisites

You need a Google Workspace account with an active Super Administrator user.


Configure SAML-based Single Sign-On


1Sign in to your Google Workspace Admin Console.
2Open the Main Menu and click on AppsWeb- and mobile Apps.
3Click on add App and choose add custom SAML-App.
<p>Click on <em>add App </em>and choose <em>add custom SAML-App.</em></p><p><br></p>
4Define a name and description for the app.
5Your IdP metadata is provided in the next step. You must save this information for later use in the TimeTac SSO configuration.
  • SSO-URL: required for the fields Login-Url and Logout-Url in the SSO configuration in your TimeTac account
  • Entity ID: will be needed to set up SSO in your TimeTac account
  • Certificate: copy the string —-BEGIN CERTIFICATE—- and —-END CERTIFICATE—-. Make sure there are no line breaks in that string. That string will be used in the SSO configuration in your Timetac account.
<p>Your IdP metadata is provided in the next step. You must save this information for later use in the TimeTac SSO configuration.</p><p><br></p><ul><li><strong>SSO-URL:</strong> required for the fields <em>Login-Url </em>and <em>Logout-Url</em> in the SSO configuration in your TimeTac account</li><li><strong>Entity ID:&nbsp;</strong>will be needed to set up SSO in your TimeTac account</li><li><strong>Certificate:</strong>&nbsp;copy the string —-BEGIN CERTIFICATE—- and —-END CERTIFICATE—-. Make sure there are no line breaks in that string. That string will be used in the SSO configuration in your Timetac account.</li></ul>
6Define Service Provider Details by defining the Assertion Consumer Service (ACS) and the Entity ID:
  • Entity ID: Please use https://go.timetac.com/{accountName}/modules/saml/consume.php for that field. {accountName} has to be replaced with your TimeTac company account name
  • ACS URL: use https://go.timetac.com/{accountName}/modules/saml/consume.php. {accountName} has to be replaced with your TimeTac company account name
  • Signed Response must NOT be checked
  •  Name ID Format: Set it to EMAIL.
  • Ensure Name ID is set to Basic Information > Primary email.
<p>Define&nbsp;<em>Service Provider Details</em>&nbsp;by defining the Assertion Consumer Service (ACS) and the Entity ID:</p><ul><li><strong>Entity ID:&nbsp;</strong>Please use&nbsp;<em>https://go.timetac.com/{accountName}/modules/saml/consume.php&nbsp;</em>for that field. {accountName} has to be replaced with your TimeTac company account name</li><li><strong>ACS URL:&nbsp;</strong>use<em>&nbsp;https://go.timetac.com/{accountName}/modules/saml/consume.php</em>. {accountName} has to be replaced with your TimeTac company account name</li><li><strong>Signed Response </strong>must&nbsp;NOT<strong>&nbsp;</strong>be checked</li><li>&nbsp;<strong>Name ID Format: </strong>Set it to <em>EMAIL</em>.</li><li>Ensure <strong>Name ID</strong> is set to<em> Basic Information &gt; Primary email.</em></li></ul>
7After the last step from a previous part of the tutorial, you are redirected to your new app.By default, the newly created application is OFF for everyone, meaning it will not work for our users. To enable it, change it to ON for everyone.<p>After the last step from a previous part of the tutorial, you are redirected to your new app.</p><p>By default, the newly created application is<em> OFF for everyone</em>, meaning it will not work for our users. To enable it, change it to&nbsp;<em>ON for everyone.</em></p>

That's how you set up SSO access via Google Workspace.

Was this Article useful for you?

Yes, this was useful

No, this was not useful