FAQ How To Knowledge Base

How to set up single sign-on (SSO) for G Suite (Google)

Here’s a step-by-step guide on how to configure SSO for your BlogIn account by creating a SAML app in G Suite. It’s a convenient option if you use G Suite and haven’t implemented SSO yet.

Prerequisites: Ensure that you are the administrator of your both BlogIn and G Suite accounts.

1. Log in to Google Admin Console at (at admin.google.com)

2. Go to Apps > SAML Apps

3. Click Add Add at bottom right.

4. Click Set up my own custom app.
The Google IDP Information window opens and the SSO URL and Entity ID fields automatically populated.

The information from this window is used to configure SSO on BlogIn. The easiest way to do this is to download the IDP metadata file and save it on your computer, and use this file in the next step.

5. Configure SSO on BlogIn
In a new tab or window, login to your BlogIn account and go to Settings > User Authentication tab > Configure SSO & User provisioning. 

Change Single Sign-On status to On and choose a custom name for SSO Login that will be displayed on the login screen.

Choose Configuration Method (Metadata URL or Metadata file is recommended) and populate the required fields.

If you downloaded the IDP Metadata file in the previous step, choose Metadata FIle as the Configuration method and upload the file IDP Metadata file.

Otherwise, change the Configuration method to manual and manually populate Identity Provider SSO URL (Login URL) and Identity Provider Issuer (entity ID) and upload the Certificate you got from G Suite (information from the last step).

Choose default user role for new users joining using SSO.

Click Save changes.

6. Return to the Google Admin Console window and click Next. Populate basic information about your SAML app on the next screen. Populate the name of the app and optionally provide description and logo.

Click Next.

7. In the Service Provider Details window, type the following information:

ACS URL: https://{YOUR_BLOG_URL}/sso/saml/callback (with your actual BlogIn blog URL where it says {YOUR_BLOG_URL})

Entity ID: https://{YOUR_BLOG_URL}/ (with your actual BlogIn blog URL where it says {YOUR_BLOG_URL})

Start URL: https://{YOUR_BLOG_URL}/  (with your actual BlogIn blog URL where it says {YOUR_BLOG_URL})

Signed Response: Disable
Name ID: Basic Information – Primary Email
Name ID Format: EMAIL

These URLs are also provided on the bottom of the SSO Configuration screen (Settings > User Authentication > Configure SSO) under Identity Provider Configuration Data on BlogIn.

Here’s how it will look:

Click Next.

8. Provide mappings between BlogIn user attributes and available user profile fields.

Click ADD NEW MAPPING to add custom mappings for First Name and Last Name.

attribute name: firstname
category: Basic Information
user field: First Name

attribute name: lastname
category: Basic Information
user field: Last Name

Click Finish.

9. Activating the app for your domain
By default, the app you created is turned off and is not visible to the users signed in to your Google domain account. To activate the app, find the BlogIn SAML app you just created, click on the three dots on the right side, and select ON for everyone in the drop-down list.

You can also turn the app on only for some organizations. Here’s an article on how to add an organizational unit in your G Suite account.

SSO Setup is now complete.

From now on, users should be able to log in to BlogIn by clicking the "Sign In with SSO" button the login screen, as long as they are logged in to their G Suite account.

Got Questions?
If you have any questions feel free to contact us via email support@blogin.co or Twitter.

Subscribe to our Newsletter

Internal communication trends, tips & best practices.

Subscribe to our Newsletter

Internal communication trends, tips & best practices.