search

Google Workspace SSO

Configure Single Sign-On (SSO) with Google Workspace to secure access to Asset Panda. This setup allows users to sign in using their Google credentials, improving security and simplifying access management.

hashtag
Prerequisites

To configure SSO between Asset Panda and Google Workspace, ensure the following:

  • Super Admin access to Google Admin Console

  • Asset Panda Entity ID and Reply URL (ACS URL)

  • Access to Apps > Web and Mobile Apps in Google Admin Console

Default Values

  • Entity ID: urn:amazon:cognito:sp:us-east-1_4jHsDgxlC

  • ACS URL: https://ap-pioneer-951730251621.auth.us-east-1.amazoncognito.com/saml2/idpresponse

Note: If these values differ for your environment, contact Asset Panda support.

Warning: Google Admin Console interfaces and menu names may change. Refer to Google documentation if options appear different.

hashtag
Search or Create a SAML Application

To set up SSO, search for or create a custom SAML app in Google Workspace.

  1. Sign in to the Google Admin Console.

  2. Navigate to Apps > Web and Mobile Apps.

  3. Search for the Asset Panda application.

If the application does not exist:

  1. Click Add App.

  2. Select Add custom SAML app.

  3. Enter a name.

  4. Optionally upload an icon.

  5. Click Continue.

hashtag
Configure SAML Settings

Enter the Service Provider values.

  1. ACS URL (Reply URL): https://ap-pioneer-951730251621.auth.us-east-1.amazoncognito.com/saml2/idpresponse

  2. Entity ID (Identifier): urn:amazon:cognito:sp:us-east-1_4jHsDgxlC

  3. Name ID Format: EMAIL

  4. Name ID: Primary Email

  5. Click Continue.

hashtag
Configure Google as Identity Provider

On the Google IdP Information screen:

  1. Download the IdP Metadata file.

  2. This file will be uploaded to Asset Panda later.

  3. Click Continue.

hashtag
Configure User Attributes

Ensure the email attribute is mapped.

  • App Attribute: email

  • Google Directory Attribute: Primary Email

Map user attributes to pass additional information such as primary email with emailaddress.

Additional attributes such as first and last name can be mapped if supported.

Click Finish.

hashtag
Assign Users or Groups

After configuration, grant users access to the application.

  1. Open the SAML application.

  2. Go to User Access.

  3. Turn access ON for:

    1. Everyone, or

    2. Specific Organizational Units or Groups.

  4. Click Save.

Users without access enabled here cannot authenticate.

hashtag
Complete the Google Integration in Asset Panda

After downloading the IdP Metadata file from Google:

  1. Log in to Asset Panda as an admin.

  2. Navigate to Settings > Preferences > Single Sign-On (SSO).

  3. Click Add new SSO.

  4. Choose the Enable Type based on your organization’s requirement:

    1. Enable for all users

    2. Enable for selected domains

    3. Disable for all users

  5. Enter a Connection Name.

  6. Upload the IdP Metadata file.

  7. Click Save to complete configuration.

hashtag
Validate Assigned Users

Assigned users must:

  • Exist in Google Workspace

  • Exist in Asset Panda

  • Have matching email addresses

If these conditions are not met, login will fail after authentication.

hashtag
Test the Setup

  1. Open a private or incognito browser window

  2. Go to the Asset Panda login page

  3. Enter the email address

  4. Select Sign in with Google

  5. Confirm the user is redirected successfully to Asset Panda

PreviousMicrosoft Entra ID SSONextSingle Sign-On (SSO) with Okta

Last updated