Ctrlk

Google Workspace SSO

You can configure Single Sign-On (SSO) with Google Workspace to secure access to Asset Panda. This setup allows users to sign in using their Google credentials, improving security and simplifying access management.

Google Admin Console interfaces and menu names may change. Refer to Google documentation if options appear different.

Prerequisites

  • Super Admin access to Google Admin Console

  • Asset Panda Entity ID and Reply URL (ACS URL)

    Default values:

    • Entity ID: urn:amazon:cognito:sp:us-east-1_4jHsDgxlC

    • ACS URL: https://ap-pioneer-951730251621.auth.us-east-1.amazoncognito.com/saml2/idpresponse

If these values differ for your environment, contact Asset Panda support.

  • Access to Apps > Web and Mobile Apps in Google Admin Console

Search for or create a SAML application

To set up SSO, search for or create a custom SAML app in Google Workspace:

  1. Sign in to the Google Admin Console.

  2. Navigate to Apps > Web and Mobile Apps.

  3. Search for the Asset Panda application.

If there is no application, create a new one:

  1. Click Add App.

  2. Select Add custom SAML app.

  3. Enter a name.

  4. Optionally upload an icon.

  5. Click Continue.

Configure SAML Settings

  1. Enter the Service Provider values:

    • ACS URL (Reply URL): https://ap-pioneer-951730251621.auth.us-east-1.amazoncognito.com/saml2/idpresponse

    • Entity ID (Identifier): urn:amazon:cognito:sp:us-east-1_4jHsDgxlC

    • Name ID Format: EMAIL

    • Name ID: Primary Email

  2. Click Continue.

Configure Google as the Identity Provider

  1. On the Google IdP Information screen, download the IdP Metadata file. This file will be uploaded to Asset Panda later.

  2. Click Continue.

Configure user attributes

  1. Ensure the email attribute is mapped.

    • App Attribute: emailaddress

    • Google Directory Attribute: Primary Email

  2. Map user attributes to pass additional information, such as primary email with emailaddress.

Additional attributes, such as first and last name, can be mapped if supported.

  1. Click Finish.

Assign users or groups

After configuration, grant users access to the application.

Users without access enabled here cannot authenticate.

  1. Open the SAML application.

  2. Go to User Access.

  3. Turn access ON for Everyone or Specific Organizational Units or Groups.

  4. Click Save.

Complete the Google Integration in Asset Panda

Perform the following steps after downloading the IdP Metadata file from Google:

  1. Log into Asset Panda Pro with an administrator account

  2. Navigate to Settings icon Settings > Preferences > Single sign-on (SSO).

  3. Click Add new SSO.

  4. Select the Enable Type to determine who can access Asset Panda through SSO:

    • Enable for all users: Enable SSO for all users in your organization, allowing them to authenticate using their Microsoft Entra ID or other identity provider credentials.

    • Enable for selected domains: Restrict SSO to users with email addresses from specific domains.

    • Disable for all users: Disable SSO for all users, preventing authentication via Microsoft Entra ID or other identity provider credentials.

  5. Enter a Connection Name that will be displayed during the login process.

  6. Upload the downloaded IdP Metadata file.

  7. Click Save.

Validate assigned users

Assigned users must exist in Google Workspace and Asset Panda, and must have matching email addresses. If these conditions are not met, login will fail after authentication.

Test the setup

  1. Open a private or incognito browser window.

  2. Go to the Asset Panda login page.

  3. Enter the email address.

  4. Select Sign in with Google.

  5. Confirm the user is redirected successfully to Asset Panda

PreviousSingle Sign On (SSO) integrationsNextMicrosoft Entra ID SSO

Last updated