All Collections
Authentication
Google
Configuring SSO for Google
Configuring SSO for Google
Matt Stansfield avatar
Written by Matt Stansfield
Updated over a week ago

Follow the below instructions to configure SSO for your Quoter account using Google as the SAML identity provider.

Prerequisites

  • You must be subscribed to our Pro or Enterprise plans

  • You must be an Account Owner to configure SSO for your Quoter account.

  • Ensure your users are provisioned in the identity provider (Google), with exactly the same email address as their Quoter account. We don’t create user accounts under SSO.

  • Before turning this feature on, log in to your Quoter account twice - once in a regular browser and once in an incognito/private window to ensure that you are still logged in to your account if you get locked out in the other window. Alternatively, you can also log in using two separate browsers.

Configuring Google

1. As an administrator on your G Suite account, sign in to https://admin.google.com/.

2. Click through to Apps > SAML Apps.

3. Click the blue plus sign icon in the bottom right corner to open a dialog that will help you build a custom app step by step.

4. From the Enable SSO for SAML Application (step 1/5), click on Setup my own custom app at the bottom of the screen.

5. From the Google IdP Information (step 2/5), you will find an SSO URL and Entity ID which you will enter in Quoter later. For now, click Download to download the certificate. You'll need information from it in a moment. Click Next.

6. From the Basic information for your Custom App (step 3/5), you can add a name (required), description, and logo in the fields provided to identify the app. Click Next.

7. From the Service Provider Details (step 4/5), enter the required information below. When you're done entering the information, click Next.

  • ACS URL: The URL should be https://subdomain.quoter.com/users/login_saml (with your Quoter subdomain where it says subdomain)

  • Entity ID: Enter subdomain.quoter.com (with your Quoter subdomain where it says subdomain)

  • Name ID: Basic Information – Primary Email

  • Name ID Format: EMAIL

8. Leave this window open as you configure Quoter, but remember to click Finish on the Attribute Mapping (step 5/5) when you are done configuring SSO in Quoter. No action is required on the Attribute Mapping step.

Configuring Quoter

After setting up Google, you need to configure your Quoter account to authenticate using SAML. You will need the fingerprint and a few pieces of information from Google to finish the configuration.

It's highly recommended that before you begin the below set of instructions, log in to your Quoter account twice - once in a regular browser and once in an incognito/private window.

Alternatively, you can also log in to two separate browsers to ensure that you are still logged in to your account in case you are locked out in the other window.

1. Log in to Quoter and click Account in the top navigation bar.

2. Click Authentication and then turn the Enable SAML SSO toggle switch to ON. Once this is turned on, a form will appear. You will need to collect information from G-Suite and enter it into this form.

  • Copy the Google Entity ID and paste it in the Quoter Issuer (Entity ID) field.

  • Copy the Google SSO URL and paste it in the Quoter SAML Login URL field.

  • For the SAML Logout Endpoint URL, enter a URL where Quoter can redirect users after they sign out of Quoter. Google does not provide this URL, and this value cannot be left empty. Recommended value: https://apps.google.com/user/hub.

  • Enter the certificate in the Quoter Certificate field. Important: Ensure there are no extra spaces trailing at the end of the Certificate string (i.e. after -----END CERTIFICATE-----).

3. Click Save to complete the setup of your account only when all information has been entered. If you turn on SSO before the information is entered, it will break the login experience for all users on your account.

Before you can test your access, you must make one more change.

Enabling the app for your domain

When you create a SAML app, it is turned off by default. This means that for users signed in to your Google domain account, the app will not be visible to them. To turn it on, go to your Google Admin console, click App, and then click SAML Apps. Find your app and select an action from the right side of the screen:

If you do not want to activate the app for everyone, you can take advantage of G Suite/Google Apps organizational units and activate the app for only a subset of users. Refer to the Google documentation for further details about creating these organizations.

Testing SSO authentication

Before you configured SSO, you should have opened Quoter in two separate browsers. If you get locked out, you will be able to use the incognito/private window to turn off SSO while you investigate the cause.

For testing, sign out of Google. In a new browser session, sign in to Google again. Next, on the Google search page, click the grid icon to expand the apps menu and then click the More link to see additional apps. Find the app you created and click on it to sign in to Quoter.

Another way to test SSO access is to go to your account subdomain (subdomain.quoter.com) directly.

Did this answer your question?