Google SSO Setup
Superblocks single sign-on (SSO) with Google Workspace lets your team seamlessly authenticate and access Superblocks using their Google credentials. This guide walks through how to configure single sign-on for Superblocks.
Prerequisites
To setup SSO for your organization, you'll need:
- A Google Workspace account
- Google Workspace administration access
- A Superblocks organization on the Enterprise plan
Setup Google Workspace
Set up single sign-on for Google by creating either a SAML or OIDC application. For full details, see Google's guides for how to:
For the fastest setup and seamless integration with Superblock's Sign-in with Google experience, create an OAuth2.0 app.
If you plan on using SCIM for user provisioning and group management, create a SAML app. Learn more about Managing users and groups with SCIM.
Create an OAuth app
-
Log in to Google Cloud and go to the API Console
-
Select a Google Cloud project or create a new one
-
Navigate to the APIs & services page from the left side menu
-
On the left, click Credentials
-
Click Create Credentials, then select OAuth client ID
-
Select Web application as the Application type
-
Configure the following settings for your application
Name Superblocks, or a custom name
Authorized JavaScript origins https://login.superblocks.comAuthorized redirect URIs https://login.superblocks.com/login/callback -
Click Create. A modal will open with your OAUth client information. Keep this modal open and go to the section below to determine what info to send to Superblocks.
Create a SAML app
-
Log in to Google Workspace and go to the Admin Console
-
Navigate to Apps → Web and mobile apps
-
Click Add App → Add custom SAML app
-
Provide the general information for the integration and click Continue
-
On the Google Identity Provider details download the IDP metadata file, or copy and save the info to send to Superblocks
-
Click Continue
-
Enter the following information into the Service Provider Details
ACS URL https://login.superblocks.com/login/callback?connection=<CompanyName>-SAML
Entity ID urn:auth0:superblocks-prod:<CompanyName>-SAMLName ID format EMAIL Name ID Basic Information > Primary email cautionReplace
<CompanyName>with your company’s name. Remove all spaces and special characters from the name. If your company name is multiple words, capitalize the first letter of each word.For example, the company River Bank Technologies would become
RiverBankTechnologies. -
Click Continue
-
Click Add mapping and configure the following user attributes
Google Directory attributes App attributes Primary email email First name givenname Last name surname -
Click Finish and continue to send your SAML app info to Superblocks.
Send IDP info to Superblocks
OAuth application
Send the following information to support@superblocks.com
| Client ID | The public identifier for your client located on the General tab of your application. |
|---|---|
| Client Secret | The secret value shows in the
CLIENT SECRETS section. Note: we recommend using a secure
transfer mechanism such as |
| Google Workspace domain | Google Workspace domain name for your organization. |
| Domains | A list of domain and domain aliases your employees should be able to use when logging in to Superblocks. |
SAML application
Send the following information to support@superblocks.com
| Connection Name | The connection name you created above and configured in the ACS URL and Entity ID. |
|---|---|
| SSO URL | The Identity Provider Single Sign-On URL provided when you created the SAML app. |
| X509 Signing Certificate | The certificate downloaded from the Identity Provider details |
| Domains | A list of domain and domain aliases your employees should be able to use when logging into Superblocks. |