Google SSO Setup
Superblocks single sign-on (SSO) with Google Workspace lets your team seamlessly authenticate and access Superblocks using their Google credentials. This guide walks through how to configure single sign-on for Superblocks.
Prerequisites
To setup SSO for your organization, you'll need:
- A Google Workspace account
- Google Workspace administration access
- A Superblocks organization on the Enterprise plan
Setup Google Workspace
Set up single sign-on for Google by creating either a SAML or OIDC application. For full details, see Google's guides for how to:
info
For the fastest setup and seamless integration with Superblock's Sign-in with Google experience, create an OAuth2.0 app.
If you plan on using SCIM for user provisioning and group management, create a SAML app. Learn more about Managing users and groups with SCIM.
Create an OAuth app
Log in to Google Cloud and go to the API Console
Select a Google Cloud project or create a new one
Navigate to the APIs & services page from the left side menu
On the left, click Credentials
Click Create Credentials, then select OAuth client ID
Select Web application as the Application type
Configure the following settings for your application
Name Superblocks, or a custom name Authorized JavaScript origins https://login.superblocks.com
Authorized redirect URIs https://login.superblocks.com/login/callback
Click Create. A modal will open with your OAUth client information. Keep this modal open and go to the section below to determine what info to send to Superblocks.
Create a SAML app
Log in to Google Workspace and go to the Admin Console
Navigate to Apps → Web and mobile apps
Click Add App → Add custom SAML app
Provide the general information for the integration and click Continue
On the Google Identity Provider details download the IDP metadata file, or copy and save the info to send to Superblocks
Click Continue
Enter the following information into the Service Provider Details
ACS URL https://login.superblocks.com/login/callback?connection=<CompanyName>-SAML
Entity ID urn:auth0:superblocks-prod:<CompanyName>-SAML
Name ID format EMAIL Name ID Basic Information > Primary email caution
Replace
<CompanyName>
with your company’s name. Remove all spaces and special characters from the name. If your company name is multiple words, capitalize the first letter of each word.For example, the company River Bank Technologies would become
RiverBankTechnologies
.Click Continue
Click Add mapping and configure the following user attributes
Google Directory attributes App attributes Primary email email First name givenname Last name surname Click Finish and continue to send your SAML app info to Superblocks.
Send IDP info to Superblocks
OAuth application
Send the following information to support@superblocks.com
Client ID | The public identifier for your client located on the General tab of your application. |
---|---|
Client Secret | The secret value shows in the CLIENT SECRETS section. Note: we recommend using a secure transfer mechanism such as `https://onetimesecret.com` or similar to send the secret. |
Google Workspace domain | Google Workspace domain name for your organization. |
Domains | A list of domain and domain aliases your employees should be able to use when logging in to Superblocks. |
SAML application
Send the following information to support@superblocks.com
Connection Name | The connection name you created above and configured in the ACS URL and Entity ID. |
---|---|
SSO URL | The Identity Provider Single Sign-On URL provided when you created the SAML app. |
X509 Signing Certificate | The certificate downloaded from the Identity Provider details |
Domains | A list of domain and domain aliases your employees should be able to use when logging into Superblocks. |