All Collections
SSO & SCIM User Provisioning
How to set up SSO for GSuite (with JIT UP)
How to set up SSO for GSuite (with JIT UP)

Explains how to set up Single Sign on with Just in Time User Provisioning for GSuite

T
Written by Thomas Papen
Updated over a week ago

Add Tribeloo App to Google Admin Portal

1. Log in to your Google Admin portal and go to “Apps” – “SAML apps”

2. Select “Add App” – “Add custom SAML app”

3. Enter “Tribeloo SSO” for app name and click continue

Set up SSO

4. Copy the values of the “SSO URL” and “Entity ID” which will be used on the SSO configuration page in Tribeloo. We also need to download the Certificate

5. Now open the Tribeloo app, and navigate to the menu (1), Admin (2) and then select User Management (3) and then the SSO (4) tab.

6. We can now fill the Google data into the Tribeloo SSO configuration form

  • The value of the Google “Entity ID” should be filled in the “Issuer URL” field on the Tribeloo form

  • The value of the Google “SSO URL” should be filled in the Tribeloo field named “SSO login URL”

  • !! Note that these two values are in a different order on the Google form and the Tribeloo form

  • The content of the downloaded certificate should be put in the field named Certificate on the Tribeloo form

  • Don't forget to Save

7. Back to Google, after clicking continue, enter the following 2 fields

8. Additional user claims can be added to the SSO setup in Google to improve Just in Time user provisioning with Tribeloo:

  • “Tribeloo.firstname” and “Tribeloo.lastname” will be used as Tribeloo Username for the new user

    • If this mapping is not available, user email is used as Tribeloo Username

  • “Tribeloo.site” will allow the user to be provisioned directly to a “Home site” in Tribeloo if the value received corresponds to the name of a Tribeloo site

    • If this mapping is not available or doesn’t match to a Tribeloo site, user will be created without “Home site” (Site= None)

    • Contact support if you want to provision home site but Tribeloo and Google site names do not match

9. Next step is to setup User access to everyone, Groups or Organizational Units. Click "Save".

10. Select “TEST SAML LOGIN”. It might take up to 24 hours for the app to work in Google.

11. When tested successfully, “Enable SSO” in the Tribeloo app

If you have questions or difficulties with your Tribeloo/Google SSO integration, please contact Tribeloo support via support@tribeloo.com

Did this answer your question?