Google Workspace Single Sign-On via SAML

Using Security Assertion Markup Language (SAML), your users can use their Google Cloud credentials to sign into Dialpad.

Let's dive into the details.

Configure Google Workspace SSO SAML

First, you'll need to configure SSO with Google as SAML IdP. 

From your Google Admin Portal:

1. Select Security
2. Select Authentication
3. Select SSO with SAML applications
4. Copy the SSO URL and Entity ID
   1. You will need these details when configuring your Service Provider (SP)
      
      
5. Select ADD CERTIFICATE
6. Copy the certificate
   1. You will need the certificate details when configuring your Service Provider (SP)
      
      

Set up Dialpad as a SAML 2.0 Service Provider (SP)

Next, it's time to set up Dialpad as a SAML 2.0 Service Provider. 

1. Go to https://dialpad.com/authentication/saml 
2. Select Google from the list of providers
3. Enter the SSO URL and Entity ID in the appropriate fields
4. Paste the copied X.509 Certificate into the Certificate box
   • Remove “BEGIN” and “END CERTIFICATE” 
5. Select Save

Set up Google Workspace as a SAML Identity Provider (IdP)

Now it's time to set up Google Workspace as a SAML Identity Provider.

From the Google Admin Portal:

1. Select Apps
2. Select Web and mobile apps
3. Select the Add app, then Search for apps
    
4. Enter Dialpad
5. Select Dialpad Web (SAML)
6. Navigate to Option 2 and enter the SSO URL, Entity ID and Certificate saved from Step 1
7. Select Continue 
8.  Enter the following Dialpad-specific provider details
   1. ACS URL: https://dialpad.com/saml/sso/google/your-domain.com
   2. Entity ID: https://dialpad.com/api/saml/metadata/google/your-domain.com
   3. Start URL: https://dialpad.com
   4. Leave the Signed Response box unchecked
      1. When the Signed Response box is unchecked, only the assertion is signed
      2. When the Signed Response box is checked, the entire response is signed 
   5. Set the NameID Format to Transient 
   6. Set the Name ID as the primary email 
9. Select Continue
10. Navigate to Attribute Mapping
11. In the Basic Information category:
    1. Provide the "Primary Email" [Email], "First Name" [FirstName], and "Last Name" [LastName] 
    2. Select Finish

Turn on SSO for Dialpad 

Now it's time to turn on SSO for your Dialpad App

From the Google Admin console:

1. Navigate to Apps
2. Select Web and mobile apps
3. Select Dialpad
4. Select User Access
5. Select On for everyone
6. Select Save
   

Verify SSO is working between Google Workspace and Dialpad

Now it's time to do a final check and verify that SSO works between Google Workspace and Dialpad.

1. Open https://dialpad.com/saml/login/google/your-domain.com  
   1. or, head to https://dialpad.com/login and select Log in with another provider
2. Enter your company domain, then select Next
   

That's it! You'll be redirected to Google for authentication and then automatically redirected back to Dialpad.

Enforcing SAML-based SSO 

Add an extra level of security by blocking your users from using other SSO providers when logging into Dialpad. 

To restrict the use of other authentication providers, navigate to your Admin Settings at Dialpad.com

1. Select My Company
   
2. Navigate to Authentication
3. Select SAML
4. Select Prevent users from logging in with other SSO providers
5. Select Save