Configuring Single Sign-On (SSO) using Google Workspace

Edited

Please note that SSO is only available on the Master plan.

SSO/SAML enables members of an identity provider (IdP) of your choice to access Resource Guru without having to set up a separate Resource Guru ID (login). Resource Guru's SSO works with any IdP that supports SAML 2.0 including Google Workspace, Microsoft Azure, Okta, Ping Identity, Ping Federate, OneLogin, Bitium, LastPass, Centrify, Clearlogin, Auth0 and many others. Setting up SSO can be a bit tricky so we’ve provided a guide below using Google Workspace and Microsoft ADFS as the IdPs.

If you would like to use SSO on multiple Resource Guru accounts with the same email domain, please reach out to happytohelp@resourceguruapp.com and we will be happy to help get you set up!

Configuring SSO using Google Workspace

Sign into Google Workspace Admin, expand the menu, select Apps and then Web and mobile apps.

Select Add app and choose Add custom SAML app.

Enter “Resource Guru” as the Application Name, then enter an optional description and upload the Resource Guru logo if you’d like to (this will appear for users in their Google menu).

Download the Certificate and make a note of the SSO URL and Entity ID. We will use these later. Now click Continue.

Leave the Workspace page open and log into Resource Guru in a separate tab. Head on over to your Settings in Resource Guru, and click SSO followed by Configure SSO.

Copy your ACS URL and Entity ID from Resource Guru into Workspace. Make sure that the Name ID format is set to “EMAIL” and Name ID is set to Basic Information > Primary email. Now, click Continue.

If you don’t wish to map attributes just click Finish. If you do wish to map attributes, click Add Mapping.

Now, in Workspace, select Service status and ensure that ON for everyone is selected. Click Save.

Head back over to Resource Guru and enter the email domain for your organisation (e.g. mycompany.com). Then paste the SSO URL and Entity ID from Google Workspace into the relevant fields, and upload the certificate you downloaded from Google Workspace earlier.

  • Users Must Be Invited:this option lets you specify whether people must be invited to join your account (if so, choose Yes), or whether anyone with a company email address (e.g. @mycompany.com) should be able to create their own login without being directly invited; in which case choose No (self service).

  • Users Can Login With: thisoption should be set to SSO only if you want to prevent people from accessing your account after they have been removed from your IdP. This setting provides centralised access control to your account via your IdP. Please note that account owners will still be able to log in using their Resource Guru ID (email & password) - this prevents everyone being locked out if the connection with your IdP fails for any reason.

Finally, click Add Configuration.

Users from your company will now be able to log into Resource Guru with their email address by using the link above on the login page.


Guru Tip

If SSO only is switched on, only the account owner will be able to access the API. This is because users can’t use their Resource Guru ID to log in when SSO only is enabled and we can’t use SSO to determine whether API access should be granted or not.


Learn more

Logging in with SSO/SAML (Single Sign On)

Upgrading/downgrading your plan

Setting permissions