This knowledge base article will explain how to configure SAML 2.0 for Google Workspace. Security Assertion Markup Language (SAML) is an easy way for your users to authenticate and login to Phishing Tackle.
If you have configured White Labelling, please ensure that you use your organisation's White Labelled login page to log in. The URL used to access the platform will be used to configure SAML.
How to access your SAML 2.0 settings in Phishing Tackle
Under Setup in the left-hand column, click "Organisation" and then click "Settings".
Click the option "Single Sign-on (SAML2)".
Google SAML Configuration:
To begin configuring SAML 2.0 for Google Workspace please visit https://admin.google.com/ and login with your admin credentials. This account will need super administrator privileges.
In the Google Admin console click "Apps" then click "Web and mobile apps".
Click "Add App" then click "Add custom SAML app" in the drop-down menu.
On the App details page enter a name for your SAML app. You also have the option to add a description and app Icon. Once you have made the required changes click continue.
On the "Google Identity Provider details" page we will be using Option 2 "Copy the SSO URL, entity ID and certificate" to configure SAML. To complete the "IDENTITY PROVIDER (IdP)" section in Phishing Tackle please copy the values displayed.
Copy the "SSO URL" (In Google) to "Identity Provider Sign on URL
Copy the "Entity ID" (In Google) to "
Copy the "Entity ID" (In Google) to "Identifier Provider Id
In Phishing tackle delete the text within "Identity Provider SAML Base64 Signing Certificate". Then copy the "Certificate" (In Google) to "Identity Provider SAML Base64 Signing Certificate"
Click the "Save" button in Phishing Tackle.
Then click the Blue "Continue" button in Google.
Enter your service provider details
To complete the Service provider details section in Google, please enter the following values.
Copy the "Reply URL (Assertion Consumer Service URL)" (In Phishing Tackle) to "
(In Phishing Tackle) to "Start URL" in Google.
Set the Name ID format value to "EMAIL".
Leave the Name ID vale as "Basic Information > Primary email".
Then click the Blue "Continue" button.
Google attribute mapping
On the Google Attributes page click "Add Mapping".
Within Google directory attributes select the field "Primary email".
Within Google App attributes enter "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" this is the official Microsoft URI denoting the Email Claim Type which is required for login.
Click "Finish".
Enable Service for users
Click "User access".
Click "ON for everyone" then click "Save".
Once the Google service is enabled, return to Phishing Tackle and tick "Enabled" and click "Save".
Please ensure to clear all cookies before logging back in. Your users can now access Phishing Tackle and use SAML to login.
Google custom SAML app removal
If you need to remove or delete the custom SAML App, please ensure to delete the custom schema that is associated as an attribute mapping. If this is not removed before deletion errors can occur.
In SAML attribute Mapping, click the "X" button.
Click "SAVE".
If you need any assistance with configuring SAML 2.0 for Azure, please contact our support team by clicking here.