Google Workspace SSO
You can configure Single Sign-On (SSO) with Google Workspace to secure access to Asset Panda. This setup allows users to sign in using their Google credentials, improving security and simplifying access management.
Google Admin Console interfaces and menu names may change. Refer to Google documentation if options appear different.
Prerequisites
Super Admin access to Google Admin Console
Asset Panda Entity ID and Reply URL (ACS URL)
Default values:
Entity ID:
urn:amazon:cognito:sp:us-east-1_4jHsDgxlCACS URL:
https://ap-pioneer-951730251621.auth.us-east-1.amazoncognito.com/saml2/idpresponse
If these values differ for your environment, contact Asset Panda support.
Access to Apps > Web and Mobile Apps in Google Admin Console
Search for or create a SAML application
To set up SSO, search for or create a custom SAML app in Google Workspace:
Sign in to the Google Admin Console.
Navigate to Apps > Web and Mobile Apps.
Search for the Asset Panda application.
If there is no application, create a new one:
Click Add App.
Select Add custom SAML app.
Enter a name.
Optionally upload an icon.
Click Continue.
Configure SAML Settings
Enter the Service Provider values:
ACS URL (Reply URL):
https://ap-pioneer-951730251621.auth.us-east-1.amazoncognito.com/saml2/idpresponseEntity ID (Identifier):
urn:amazon:cognito:sp:us-east-1_4jHsDgxlCName ID Format: EMAIL
Name ID: Primary Email
Click Continue.
Configure Google as the Identity Provider
On the Google IdP Information screen, download the IdP Metadata file. This file will be uploaded to Asset Panda later.
Click Continue.
Configure user attributes
Ensure the email attribute is mapped.
App Attribute: emailaddress
Google Directory Attribute: Primary Email
Map user attributes to pass additional information, such as primary email with emailaddress.
Additional attributes, such as first and last name, can be mapped if supported.
Click Finish.
Assign users or groups
After configuration, grant users access to the application.
Users without access enabled here cannot authenticate.
Open the SAML application.
Go to User Access.
Turn access ON for Everyone or Specific Organizational Units or Groups.
Click Save.
Complete the Google Integration in Asset Panda
Perform the following steps after downloading the IdP Metadata file from Google:
Log into Asset Panda Pro with an administrator account
Navigate to
Settings > Preferences > Single sign-on (SSO).Click Add new SSO.
Select the Enable Type to determine who can access Asset Panda through SSO:
Enable for all users: Enable SSO for all users in your organization, allowing them to authenticate using their Microsoft Entra ID or other identity provider credentials.
Enable for selected domains: Restrict SSO to users with email addresses from specific domains.
Disable for all users: Disable SSO for all users, preventing authentication via Microsoft Entra ID or other identity provider credentials.
Enter a Connection Name that will be displayed during the login process.
Upload the downloaded IdP Metadata file.
Click Save.
Validate assigned users
Assigned users must exist in Google Workspace and Asset Panda, and must have matching email addresses. If these conditions are not met, login will fail after authentication.
Test the setup
Open a private or incognito browser window.
Go to the Asset Panda login page.
Enter the email address.
Select Sign in with Google.
Confirm the user is redirected successfully to Asset Panda
Last updated

