> For the complete documentation index, see [llms.txt](https://prohelp.assetpanda.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://prohelp.assetpanda.com/integrations-store/single-sign-on-sso-integrations/google-workspace-sso.md).

# Google Workspace SSO

You can configure Single Sign-On (SSO) with Google Workspace to secure access to Asset Panda. This setup allows users to sign in using their Google credentials, improving security and simplifying access management.

{% hint style="warning" %}
Google Admin Console interfaces and menu names may change. Refer to Google documentation if options appear different.
{% endhint %}

## Prerequisites

* Super Admin access to Google Admin Console
* Asset Panda **Entity ID** and **Reply URL (ACS URL)**

  **Default values:**

  * **Entity ID**: `urn:amazon:cognito:sp:us-east-1_4jHsDgxlC`
  * **ACS URL**:\
    `https://ap-pioneer-951730251621.auth.us-east-1.amazoncognito.com/saml2/idpresponse`

{% hint style="info" %}
If these values differ for your environment, contact Asset Panda support.
{% endhint %}

* Access to **Apps > Web and Mobile Apps** in Google Admin Console

***

## Search for or create a SAML application

To set up SSO, search for or create a custom SAML app in Google Workspace:

1. Sign in to the **Google Admin Console**.
2. Navigate to **Apps > Web and Mobile Apps**.
3. Search for the Asset Panda application.

{% hint style="info" %}
If there is no application, create a new one:

1. Click **Add App**.
2. Select **Add custom SAML app**.
3. Enter a name.
4. Optionally upload an icon.
5. Click **Continue**.
   {% endhint %}

***

### Configure SAML Settings

1. Enter the Service Provider values:
   * **ACS URL (Reply URL)**:\
     `https://ap-pioneer-951730251621.auth.us-east-1.amazoncognito.com/saml2/idpresponse`
   * **Entity ID (Identifier)**:\
     `urn:amazon:cognito:sp:us-east-1_4jHsDgxlC`
   * **Name ID Format**: EMAIL
   * **Name ID**: Primary Email
2. Click **Continue**.

***

### Configure Google as the Identity Provider

1. On the **Google IdP Information** screen, download the **IdP Metadata** file. This file will be uploaded to Asset Panda later.
2. Click **Continue**.

***

### Configure user attributes

1. Ensure the email attribute is mapped.
   * **App Attribute**: emailaddress
   * **Google Directory Attribute**: Primary Email
2. Map user attributes to pass additional information, such as primary email with *emailaddress*.

{% hint style="info" %}
Additional attributes, such as first and last name, can be mapped if supported.
{% endhint %}

3. Click **Finish**.

***

### Assign users or groups

After configuration, grant users access to the application.

{% hint style="info" %}
Users without access enabled here cannot authenticate.
{% endhint %}

1. Open the SAML application.
2. Go to **User Access**.
3. Turn access **ON** for **Everyone** or **Specific Organizational Units or Groups**.
4. Click **Save**.

***

### Complete the Google Integration in Asset Panda

Perform the following steps after downloading the IdP Metadata file from Google:

1. Log into Asset Panda Pro with an administrator account
2. Navigate to <img src="/files/dLHka5YWbUR3zisHLua6" alt="Settings icon" data-size="line"> **Settings** > **Preferences** > **Single sign-on (SSO)**.
3. Click **Add new SSO**.
4. Select the **Enable Type** to determine who can access Asset Panda through SSO:
   * **Enable for all users**: Enable SSO for all users in your organization, allowing them to authenticate using their Microsoft Entra ID or other identity provider credentials.
   * **Enable for selected domains**: Restrict SSO to users with email addresses from specific domains.
   * **Disable for all users**: Disable SSO for all users, preventing authentication via Microsoft Entra ID or other identity provider credentials.
5. Enter a **Connection Name** that will be displayed during the login process.
6. Upload the downloaded **IdP Metadata** file.&#x20;
7. Click **Save**.

***

### Validate assigned users

Assigned users must exist in Google Workspace and Asset Panda, and must have matching email addresses. If these conditions are not met, login will fail after authentication.

***

### Test the setup

1. Open a private or incognito browser window.
2. Go to the Asset Panda login page.
3. Enter the email address.
4. Select **Sign in with Google.**
5. Confirm the user is redirected successfully to Asset Panda


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://prohelp.assetpanda.com/integrations-store/single-sign-on-sso-integrations/google-workspace-sso.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.