Menu English (US) Čeština Dansk Deutsch Español (Latinoamérica) Español (España) Suomi Français (Canada) Français (France) हिंदी Magyar Bahasa Indonesia Italiano 日本語 한국어 Bahasa Melayu Nederlands Norsk Polski Português do Brasil Português (Portugal) Română Русский svenska ไทย Türkçe Українська Tiếng Việt 简体中文 繁體中文

How Do I Enable SSO/SAML for Google Workspace?

Updated:

Created:

How to Set Up Google Workspace SAML Connector to KnowBe4 for SSO

Follow the steps below to configure single sign-on (SSO) with Google Workspace. Enabling SSO will allow your users to automatically log in to the KMSAT console for their security awareness training using their Google account.

Note: Make sure the email address that your users use to authenticate with SAML is either entered into the Email field or Email Aliases field in their user profile. However, only the email address listed in the Email field will receive training notification emails. For more information about adding information to user profiles, see our User Profile Guide.

To configure SSO with Google Workspace, follow the steps below:

  1. Log in to https://admin.google.com and select Apps.
  2. Select Web and mobile apps
  3. Click the Add App drop-down menu, and select Search for apps.
  4. Search for "KnowBe4" and click Select on the app with Web (SAML) as the platform.
  5. Click Download Metadata. Keep the information from this file in an accessible place. You'll need the SHA1 fingerprint and SSO URL found in this file for step 9. Click Continue.
  6. Fill out the fields with the appropriate information specified below. Enable Signed Response by selecting the check box then click Continue.
    • ACS URL: Enter this URL. To obtain this URL from your KMSAT console, follow the steps below:
      • Log in to your KMSAT console.
      • Click your email address on the top-right corner and select Account Settings.
      • Navigate to the SAML section of your settings and copy the Callback Link. For example, https://training.knowbe4.com/auth/saml/xxxxxxxxxxxx/callback.
    • Entity ID: Enter "KnowBe4". If a unique entity ID was generated for your KMSAT console, use the ID shown in your KMSAT Account Settings page.
    • Start URL: Enter this URL. To obtain this URL from your KMSAT console, follow the steps below:
      • Log in to your KMSAT console.
      • Click your email address on the top-right corner, then select Account Settings.
      • Navigate to the SAML section of your settings and copy the Sign in URL. For example, https://training.knowbe4.com/auth/saml/xxxxxxxxxxxx..
    • Signed response: Select this check box.
    • Name ID Format: Enter "EMAIL".
    • Name ID: Choose Basic InformationPrimary Email.
  1. Under Attributes, navigate to the Basic Information section and select Primary Email. Then, click Finish.
  2. Click User access and select ON for everyone under Service status. Then, click Save.
  3. Follow the instructions listed in our How to Set Up SAML Single Sign-on for the Security Awareness Training Platform article to complete the SAML configuration. 

    Note: The identity provider (IdP) metadata file includes your X.509 certificate. To set up SAML, you will need the SHA1 fingerprint instead. To learn how to convert the X.509 certificate into a SHA1 fingerprint, visit our How to Convert an X.509 Certificate to a SHA1 Fingerprint for SAML article. You can also convert the X.509 certificate to a SHA256 fingerprint if preferred. For more information, visit Google's Maintain SAML certificates article.

    • The SHA1 fingerprint 
      • Example: A1:2B:C3:D4:E6:F7:88:GG:H9:76:4A:2D:CF:AB:A6:A0:20:88:00
    • The SSO URL

For further assistance with this feature, please contact our support team and they would be happy to help.

Back to top

Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.

Related articles