Google Workspace Single Sign-On via SAML
    • 13 Nov 2024
    • 2 Minutes to read
    • Dark
      Light
    • PDF

    Google Workspace Single Sign-On via SAML

    • Dark
      Light
    • PDF

    Article summary

    Using Security Assertion Markup Language (SAML), your users can use their Google Cloud credentials to sign into Dialpad.

    Let's dive into the details.

    Who can use this feature

    Dialpad's Google Workspace SAML integration is available to all Dialpad users.

    *If you're on a Standard or Pro level plan, you must contact Customer Care to enable this feature. 

    To configure this integration, you must be signed to Google Workspace as a Super Admin.


    Configure Google Workspace SSO SAML

    First, you'll need to configure SSO with Google as SAML IdP. 

    From your Google Admin Portal:

    1. Select Security
    2. Select Authentication
    3. Select SSO with SAML applications
    4. Copy the SSO URL and Entity ID
      1. You will need these details when configuring your Service Provider (SP)

    5. Select ADD CERTIFICATE
    6. Copy the certificate
      1. You will need the certificate details when configuring your Service Provider (SP)

    Set up Dialpad as a SAML 2.0 Service Provider (SP)

    Next, it's time to set up Dialpad as a SAML 2.0 Service Provider. 

    1. Go to https://dialpad.com/authentication/saml 
    2. Select Google from the list of providers
    3. Enter the SSO URL and Entity ID in the appropriate fields
    4. Paste the copied X.509 Certificate into the Certificate box
      • Remove “BEGIN” and “END CERTIFICATE” 
    5. Select Save

    Set up Google Workspace as a SAML Identity Provider (IdP)

    Now it's time to set up Google Workspace as a SAML Identity Provider.

    From the Google Admin Portal:

    1. Select Apps
    2. Select Web and mobile apps
    3. Select the Add app, then Search for apps
       
    4. Enter Dialpad
    5. Select Dialpad Web (SAML)
    6. Navigate to Option 2 and enter the SSO URL, Entity ID and Certificate saved from Step 1
    7. Select Continue 
    8.  Enter the following Dialpad-specific provider details
      1. ACS URL: https://dialpad.com/saml/sso/google/your-domain.com
      2. Entity ID: https://dialpad.com/api/saml/metadata/google/your-domain.com
      3. Start URL: https://dialpad.com
      4. Leave the Signed Response box unchecked
        1. When the Signed Response box is unchecked, only the assertion is signed
        2. When the Signed Response box is checked, the entire response is signed 
      5. Set the NameID Format to Transient 
      6. Set the Name ID as the primary email 
    9. Select Continue
    10. Navigate to Attribute Mapping
    11. In the Basic Information category:
      1. Provide the "Primary Email" [Email], "First Name" [FirstName], and "Last Name" [LastName] 
      2. Select Finish

    Turn on SSO for Dialpad 

    Now it's time to turn on SSO for your Dialpad App.

    From the Google Admin console:

    1. Navigate to Apps
    2. Select Web and mobile apps
    3. Select Dialpad
    4. Select User Access
    5. Select an organizational unit
    6. Select On for everyone
    7. Select Save

    This will activate the single sign-on for the selected organizational unit.

    Verify SSO is working between Google Workspace and Dialpad

    Now it's time to do a final check and verify that SSO works between Google Workspace and Dialpad.

    1. Open https://dialpad.com/saml/login/google/your-domain.com  
      1. or, head to https://dialpad.com/login and select Log in with another provider
    2. Enter your company domain, then select Next

    That's it! You'll be redirected to Google for authentication and then automatically redirected back to Dialpad.

    Enforcing SAML-based SSO 

    Add an extra level of security by blocking your users from using other SSO providers when logging into Dialpad. 

    To restrict the use of other authentication providers, navigate to your Admin Settings at Dialpad.com

    1. Select My Company
    2. Navigate to Authentication
    3. Select SAML
    4. Select Prevent users from logging in with other SSO providers
    5. Select Save
    Note
    Once changes were saved, your users won't be able to use Microsoft and Google SSO, (or even their username and password) to log in to Dialpad.

    Was this article helpful?