{"id":89910,"date":"2023-06-07T15:38:39","date_gmt":"2023-06-07T19:38:39","guid":{"rendered":"https:\/\/jumpcloud.com\/?post_type=support&#038;p=89910"},"modified":"2024-07-23T02:08:04","modified_gmt":"2024-07-23T06:08:04","slug":"sso-with-google-workspace","status":"publish","type":"support","link":"https:\/\/jumpcloud.com\/support\/sso-with-google-workspace","title":{"rendered":"SSO with Google Workspace"},"content":{"rendered":"\n<p>In addition to the JumpCloud <a href=\"https:\/\/jumpcloud.com\/support\/google-workspace-integration-overview\">Google Workspace Cloud Directory Integration<\/a> (which enables the provisioning and synchronization of your Google Workspace users from JumpCloud), you can also choose to configure the Google Workspace SAML SSO Connector. <\/p>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card tip\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/tip-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Tip:<\/strong> \n<p>Learn more about&nbsp;<a href=\"https:\/\/jumpcloud.com\/support\/understand-the-difference-between-the-google-workspace-integration-and-saml-connector\">the difference between JumpCloud&#8217;s Google Workspace&nbsp;Integration and Google Workspace&nbsp;SSO connector<\/a>.&nbsp;<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<p>The Google Workspace connector provides users with single sign on (SSO) capabilities. They are redirected to the JumpCloud login screen enabling them to log into Google Workspace with their JumpCloud credentials.&nbsp;Using JumpCloud SSO with Google Workspace not only passes user authentication responsibilities to JumpCloud, it also allows the option to enforce <a href=\"https:\/\/jumpcloud.com\/support\/get-started-mfa\">JumpCloud MFA<\/a> for authentication and the ability to enforce <a href=\"https:\/\/jumpcloud.com\/support\/get-started-conditional-access-policies\">Conditional Access Policies<\/a>. <\/p>\n\n\n\n<p>Read this article to learn how to set up Google Workspace SSO.<\/p>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card important\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/important-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Important:<\/strong> \n<p>Read the <a href=\"https:\/\/jumpcloud.com\/support\/saml-configuration-notes\">SAML Configuration Notes<\/a> before you start configuring this connector.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<p><strong>Prerequisites<\/strong><\/p>\n\n\n\n<ul>\n<li>A JumpCloud administrator account<\/li>\n\n\n\n<li>JumpCloud SSO Package or higher or SSO \u00e0 la carte option<\/li>\n\n\n\n<li>In order to successfully complete the integration between JumpCloud and Google, you must have administrative rights to access configuration in your Google Workspace account<\/li>\n\n\n\n<li>Google Workspace <a href=\"https:\/\/workspace.google.com\/pricing.html\" target=\"_blank\" rel=\"noreferrer noopener\">subscription<\/a> for <strong>Enterprise, Business, or Education<\/strong><\/li>\n<\/ul>\n\n\n\n<p><strong>Important Considerations<\/strong><\/p>\n\n\n\n<ul>\n<li>Non-profit or Standard (Free legacy) editions do not support SAML<\/li>\n\n\n\n<li>When a Google Super Admin tries to sign in to an SSO-enabled domain via <kbd>admin.google.com<\/kbd>, they will not be redirected to JumpCloud for authentication, but rather will be prompted for their full Google email address and associated password\n<ul>\n<li>Read Google\u2019s <a href=\"https:\/\/support.google.com\/a\/answer\/6341409?hl=en&amp;ref_topic=6348126\" target=\"_blank\" rel=\"noreferrer noopener\">full documentation<\/a> on SSO-enabled domain redirects for Super Admins.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-creating-a-new-jumpcloud-application-integration\"><strong>Creating a new JumpCloud Application Integration<\/strong><\/h2>\n\n\n\n<ol>\n<li>Log in to the&nbsp;<a href=\"https:\/\/console.jumpcloud.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">JumpCloud Admin Portal<\/a>.<\/li>\n\n\n\n<li>Navigate to&nbsp;<strong>USER AUTHENTICATION&nbsp;<\/strong>&gt;&nbsp;<strong>SSO<\/strong> <strong>Applications<\/strong>.<\/li>\n\n\n\n<li>Click&nbsp;<strong>+&nbsp;Add New Application<\/strong>.<\/li>\n\n\n\n<li>Type <kbd>Google Workspace<\/kbd> in the <strong>Search <\/strong>field and select it.<\/li>\n\n\n\n<li>Click <strong>Next<\/strong>.<\/li>\n\n\n\n<li>In the <strong>Display Label<\/strong>, type your name for the application. Optionally, you can enter a <strong>Description<\/strong>, and choose to hide or <strong>Show in User Portal<\/strong>.<\/li>\n\n\n\n<li>Optionally, expand <strong>Advanced Settings<\/strong> to specify a value for the<strong> SSO IdP URL<\/strong>. If no value is entered, it will default to <kbd>https:\/\/sso.jumpcloud.com\/saml2\/&lt;application display label&gt;<\/kbd>.<\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card warning\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/warning-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Warning:<\/strong> \n<p>The <strong>SSO IdP URL<\/strong> is not editable after the application is created. You will have to delete and recreate the connector if you need to edit this field at a later time.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<ol start=\"8\">\n<li>Click <strong>Save Application<\/strong>.<\/li>\n\n\n\n<li>If successful, click:\n<ul>\n<li><strong>Configure Application<\/strong> and go to the next section. <\/li>\n\n\n\n<li><strong>Close<\/strong> to configure your new application at a later time. <\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-configuring-the-sso-integration\"><strong>Configuring the SSO Integration<\/strong><\/h2>\n\n\n\n<p>Google Workspace allows mixed SSO policies through the use of SSO profiles. This is also called <em>Partial SSO<\/em> and gives you the flexibility to specify the authentication authority (JumpCloud or Google) for subsets of users in your organization, like vendors or contractors. <\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-to-configure-google-sso-profile-s\"><strong>To configure Google SSO Profile<\/strong>(s)<\/h3>\n\n\n\n<p>Google&#8217;s SSO profiles provide flexibility to include or exclude specific user groups or organizational units (OUs) from SSO through <em>assignments <\/em>within your Google Workspace environment. There are two types of SSO profiles; <\/p>\n\n\n\n<div class=\"wp-block-wpdatatables-wpdatatables-gutenberg-block\">\n<div class=\"wpdt-c row wpDataTableContainerSimpleTable wpDataTables wpDataTablesWrapper\n\"\n    >\n        <table id=\"wpdtSimpleTable-252\"\n           style=\"border-collapse:collapse;\n                   border-spacing:0px;\"\n           class=\"wpdtSimpleTable wpDataTable\"\n           data-column=\"4\"\n           data-rows=\"3\"\n           data-wpID=\"252\"\n           data-responsive=\"0\"\n           data-has-header=\"1\">\n\n                    <thead>        <tr class=\"wpdt-cell-row \" >\n                            <th class=\"wpdt-cell \"\n                                    data-cell-id=\"A1\"\n                data-col-index=\"0\"\n                data-row-index=\"0\"\n                style=\" width:25%;                padding:10px;\n                \"\n                >\n                                SSO Profile                <\/th>\n                                            <th class=\"wpdt-cell wpdt-align-center\"\n                                    data-cell-id=\"B1\"\n                data-col-index=\"1\"\n                data-row-index=\"0\"\n                style=\" width:25%;                padding:10px;\n                \"\n                >\n                                Automatically enables SSO for all users                <\/th>\n                                            <th class=\"wpdt-cell wpdt-align-center\"\n                                    data-cell-id=\"C1\"\n                data-col-index=\"2\"\n                data-row-index=\"0\"\n                style=\" width:25%;                padding:10px;\n                \"\n                >\n                                Assignments required to EXCLUDE from SSO                <\/th>\n                                            <th class=\"wpdt-cell wpdt-align-center\"\n                                    data-cell-id=\"D1\"\n                data-col-index=\"3\"\n                data-row-index=\"0\"\n                style=\" width:25%;                padding:10px;\n                \"\n                >\n                                Assignments required to INCLUDE in SSO                <\/th>\n                                        <\/tr>\n                    <tbody>        <tr class=\"wpdt-cell-row \" >\n                            <td class=\"wpdt-cell wpdt-align-left\"\n                                    data-cell-id=\"A2\"\n                data-col-index=\"0\"\n                data-row-index=\"1\"\n                style=\"                padding:10px;\n                \"\n                >\n                                Organization-wide Third Party                <\/td>\n                                            <td class=\"wpdt-cell wpdt-align-center\"\n                                    data-cell-id=\"B2\"\n                data-col-index=\"1\"\n                data-row-index=\"1\"\n                style=\"                padding:10px;\n                \"\n                >\n                                <img decoding=\"async\" data-media-content=\"wpdt-media-content\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/10\/Install-yes.jpg\" class=\" alignnone size-full\" width=\"70\" height=\"70\" \/>                <\/td>\n                                            <td class=\"wpdt-cell wpdt-align-center\"\n                                    data-cell-id=\"C2\"\n                data-col-index=\"2\"\n                data-row-index=\"1\"\n                style=\"                padding:10px;\n                \"\n                >\n                                <img decoding=\"async\" data-media-content=\"wpdt-media-content\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/10\/Install-yes.jpg\" class=\" alignnone size-full\" width=\"70\" height=\"70\" \/>                <\/td>\n                                            <td class=\"wpdt-cell wpdt-align-center\"\n                                    data-cell-id=\"D2\"\n                data-col-index=\"3\"\n                data-row-index=\"1\"\n                style=\"                padding:10px;\n                \"\n                >\n                                <img decoding=\"async\" data-media-content=\"wpdt-media-content\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/10\/Install-no.jpg\" class=\" alignnone size-full\" width=\"81\" height=\"81\" \/>                <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                            <td class=\"wpdt-cell wpdt-align-left\"\n                                    data-cell-id=\"A3\"\n                data-col-index=\"0\"\n                data-row-index=\"2\"\n                style=\"                padding:10px;\n                \"\n                >\n                                Individual Third Party                <\/td>\n                                            <td class=\"wpdt-cell \"\n                                    data-cell-id=\"B3\"\n                data-col-index=\"1\"\n                data-row-index=\"2\"\n                style=\"                padding:10px;\n                \"\n                >\n                                <img decoding=\"async\" data-media-content=\"wpdt-media-content\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/10\/Install-no.jpg\" class=\" alignnone size-full\" width=\"81\" height=\"81\" \/>                <\/td>\n                                            <td class=\"wpdt-cell wpdt-align-center\"\n                                    data-cell-id=\"C3\"\n                data-col-index=\"2\"\n                data-row-index=\"2\"\n                style=\"                padding:10px;\n                \"\n                >\n                                <img decoding=\"async\" data-media-content=\"wpdt-media-content\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/10\/Install-no.jpg\" class=\" alignnone size-full\" width=\"81\" height=\"81\" \/>                <\/td>\n                                            <td class=\"wpdt-cell \"\n                                    data-cell-id=\"D3\"\n                data-col-index=\"3\"\n                data-row-index=\"2\"\n                style=\"                padding:10px;\n                \"\n                >\n                                <img decoding=\"async\" data-media-content=\"wpdt-media-content\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/10\/Install-yes.jpg\" class=\" alignnone size-full\" width=\"70\" height=\"70\" \/>                <\/td>\n                                        <\/tr>\n                    <\/table>\n<\/div><\/div>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card tip\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/tip-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Tip:<\/strong> \n<p>For more information, please reference <a href=\"https:\/\/support.google.com\/a\/answer\/12032922?hl=en&amp;ref_topic=7579248&amp;sjid=6368965028021096169-NC#assign_profile\" target=\"_blank\" rel=\"noreferrer noopener\">Decide which users should use SSO<\/a>.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-configuring-an-organization-wide-third-party-sso-profile\"><strong>Configuring an Organization-wide Third Party SSO Profile<\/strong><\/h4>\n\n\n\n<p>This configuration will enable SSO for all Google Workspace users (except super admins). All Google Workspace users (except super admins) will be forwarded to JumpCloud for authentication. <\/p>\n\n\n\n<p>Navigate to <strong>Security &gt;<\/strong> <strong>Authentication &gt; SSO with third Party IDP &gt; Third-party SSO profile for your organization<\/strong> to <a href=\"https:\/\/support.google.com\/a\/answer\/12032922?hl=en#org_profile\" target=\"_blank\" rel=\"noreferrer noopener\">configure an organization-wide third party SSO profile<\/a>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"455\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/03\/Snag_26e9ed3c-1024x455.png\" alt=\"\" class=\"wp-image-106988\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/03\/Snag_26e9ed3c-1024x455.png 1024w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/03\/Snag_26e9ed3c-300x133.png 300w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/03\/Snag_26e9ed3c-768x341.png 768w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/03\/Snag_26e9ed3c.png 1046w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"h-excluding-users-from-an-organization-wide-third-party-sso-profile\"><strong>Excluding users from an Organization-wide Third Party SSO Profile<\/strong><\/h5>\n\n\n\n<p>Using SSO Profile assignments within Google Workspace, users can be <em>excluded<\/em> from the Organization-wide Third Party SSO Profile meaning they will sign directly into Google. To <a href=\"https:\/\/support.google.com\/a\/answer\/12032922?hl=en#assign_profile\" target=\"_blank\" rel=\"noreferrer noopener\">exclude users or groups\/OUs from this SSO profile<\/a>, navigate to <strong>Security &gt; Authentication &gt; SSO with third Party IDP &gt; Manage SSO profile assignments<\/strong>.  <\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"998\" height=\"432\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/03\/Snag_26ec6706.png\" alt=\"\" class=\"wp-image-106989\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/03\/Snag_26ec6706.png 998w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/03\/Snag_26ec6706-300x130.png 300w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/03\/Snag_26ec6706-768x332.png 768w\" sizes=\"(max-width: 998px) 100vw, 998px\" \/><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-configuring-an-individual-third-party-sso-profile\"><strong>Configuring an Individual Third Party SSO Profile<\/strong><\/h4>\n\n\n\n<p>This configuration will allow you to enable SSO for a subset of Google Workspace users (except super admins). Only Google Workspace users (except super admins) assigned to this profile will authenticate with JumpCloud. <\/p>\n\n\n\n<p>Navigate to <strong>Security &gt;<\/strong> <strong>Authentication &gt; SSO with third Party IDP &gt; <strong>Third-party SSO profiles<\/strong> <\/strong>to <a href=\"https:\/\/support.google.com\/a\/answer\/12032922?hl=en#create_profile\" target=\"_blank\" rel=\"noreferrer noopener\">create a third-party SSO profile<\/a>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"542\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/03\/Snag_153e3c7-1024x542.png\" alt=\"\" class=\"wp-image-107353\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/03\/Snag_153e3c7-1024x542.png 1024w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/03\/Snag_153e3c7-300x159.png 300w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/03\/Snag_153e3c7-768x406.png 768w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/03\/Snag_153e3c7.png 1168w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"h-assigning-users-to-an-individual-third-party-sso-profile\"><strong>Assigning users to an Individual Third Party SSO Profile<\/strong><\/h5>\n\n\n\n<p>Using SSO Profile assignments, users can be <em>included<\/em> (except super admins as mentioned above) in the Individual Third Party SSO Profile and be forwarded to JumpCloud for authentication. To <a href=\"https:\/\/support.google.com\/a\/answer\/12032922?hl=en#assign_profile\" target=\"_blank\" rel=\"noreferrer noopener\">include users or groups\/OUs in this SSO profile<\/a>, navigate to <strong>Security &gt; Authentication &gt; SSO with third Party IDP &gt; Manage SSO profile assignments<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"448\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/03\/Snag_156b45c-1024x448.png\" alt=\"\" class=\"wp-image-107354\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/03\/Snag_156b45c-1024x448.png 1024w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/03\/Snag_156b45c-300x131.png 300w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/03\/Snag_156b45c-768x336.png 768w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/03\/Snag_156b45c.png 1169w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Note:<\/strong> \n<p>Google supports up to 1000 different Individual Third Party SSO profiles. <\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-to-configure-jumpcloud\"><strong>To configure JumpCloud<\/strong><\/h3>\n\n\n\n<ol>\n<li><a href=\"#creating-a-new-jumpcloud-application-integration\">Create a new application<\/a>&nbsp;or select it from the&nbsp;<strong>Configured Application<\/strong>s list.<\/li>\n\n\n\n<li>Select the&nbsp;<strong>SSO<\/strong>&nbsp;tab.<\/li>\n\n\n\n<li>Replace any instances of YOURDOMAIN with your Google Workspace domain name.<\/li>\n\n\n\n<li>Add any additional attributes.<\/li>\n\n\n\n<li>Copy the JumpCloud <strong>IDP URL<\/strong> for the next section.<\/li>\n\n\n\n<li>Click&nbsp;<strong>save<\/strong>.<\/li>\n<\/ol>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Download the certificate<\/strong><\/h4>\n\n\n\n<ol>\n<li>Find&nbsp;your application in the&nbsp;<strong>Configured Applications<\/strong>&nbsp;list and click anywhere in the row to reopen its configuration window.<\/li>\n\n\n\n<li>Select the <strong>SSO <\/strong>tab and click <strong>IDP Certificate Valid &gt; Download certificate<\/strong>.<\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card tip\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/tip-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Tip:<\/strong> \n<p>The certificate.pem will download to your local <strong>Downloads<\/strong> folder.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-to-configure-google\"><strong>To configure Google<\/strong><\/h3>\n\n\n\n<ol>\n<li>Log in to the <a href=\"http:\/\/admin.google.com\" target=\"_blank\" rel=\"noreferrer noopener\">Google Admin Console<\/a>.<strong> <\/strong><\/li>\n\n\n\n<li>Select <strong>Security &gt; Authentication &gt; SSO with third party IdP.<\/strong> <\/li>\n\n\n\n<li>After selecting the appropriate profile, enter the following information:\n<ul>\n<li><strong>Sign-in page URL<\/strong> &#8211; enter the JumpCloud <strong>IDP URL<\/strong>.<\/li>\n\n\n\n<li><strong>Sign-out page URL &#8211; <\/strong>enter <kbd>https:\/\/console.jumpcloud.com<\/kbd>.<\/li>\n\n\n\n<li><strong>Upload certificate<\/strong> &#8211; browse to and select the certificate downloaded in the previous section.<\/li>\n\n\n\n<li>(Optional) <strong>Change password URL<\/strong> &#8211; enter <kbd>https:\/\/console.jumpcloud.com<\/kbd><strong>.<\/strong><\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card important\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/important-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Important:<\/strong> \n<p>&nbsp;If you enter a Change password URL, users will be directed to that page even if you don\u2019t enable SSO for your organization.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<ol start=\"4\">\n<li>Click <strong>Save.<\/strong><\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"authorizing-user-sso-access\"><strong>Authorizing User SSO Access<\/strong><\/h2>\n\n\n\n<p>Users are implicitly denied access to applications. After you connect an application to JumpCloud, you need to authorize user access to that application. You can authorize user access from the <strong>Application Configuration<\/strong> panel or from the <strong>Groups Configuration<\/strong> panel.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>To authorize user access from the Application Configuration panel<\/strong><\/h3>\n\n\n\n<ol>\n<li>Log in to the <a href=\"https:\/\/console.jumpcloud.com\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><a href=\"https:\/\/console.jumpcloud.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">JumpCloud Admin Portal<\/a>.<\/li>\n\n\n\n<li>Go to <strong>USER AUTHENTICATION &gt; SSO<\/strong> <strong>Applications<\/strong>, then select the application to which you want to authorize user access.<\/li>\n\n\n\n<li>Select the <strong>User Groups<\/strong> tab. If you need to create a new group of users, see <a href=\"https:\/\/jumpcloud.com\/support\/get-started-user-groups\">Get Started: User Groups<\/a>.<\/li>\n\n\n\n<li>Select the check box next to the group of users you want to give access.<\/li>\n\n\n\n<li>Click <strong>save<\/strong>.&nbsp;<\/li>\n<\/ol>\n\n\n\n<p>To learn how to authorize user access from the&nbsp;<strong>Groups Configuration<\/strong>&nbsp;panel, see&nbsp;<a href=\"https:\/\/jumpcloud.com\/support\/authorize-users-to-an-sso-application#user-groups-configuration-panel\">Authorize Users to an SSO Application<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"validating-sso-authentication-workflows\"><strong>Validating SSO user authentication workflow(s)<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-idp-initiated-user-workflow\"><strong>IdP-initiated<\/strong> <strong>user workflow<\/strong><\/h3>\n\n\n\n<ul>\n<li>Access the <a href=\"https:\/\/console.jumpcloud.com\/userconsole#\/\">JumpCloud User Console<\/a><\/li>\n\n\n\n<li>Go to\u00a0<strong>Applications<\/strong> and click an application tile to launch it<\/li>\n\n\n\n<li>JumpCloud asserts the user&#8217;s identity to the SP and is authenticated without the user having to log in to the application<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-sp-initiated-user-workflow\"><strong>SP-initiated<\/strong> <strong>user workflow<\/strong><\/h3>\n\n\n\n<ul>\n<li>Go\u00a0to the SP application login &#8211; generally, there is either a special link or an adaptive username field that detects the user is authenticated through SSO<\/li>\n<\/ul>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Note:<\/strong> \n<p>This varies by SP.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<ul>\n<li>Login redirects the user to JumpCloud where the user enters their JumpCloud credentials<\/li>\n\n\n\n<li>After the user is logged in successfully, they are redirected\u00a0back to the SP and automatically logged in<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Removing the SSO Integration<\/strong><\/h2>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card important\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/important-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Important:<\/strong> \n<p>These are steps for removing the integration in JumpCloud. Consult your SP&#8217;s documentation for any additional steps needed to remove the integration in the SP. Failure to remove the integration successfully for both the SP and JumpCloud may result in users losing access to the application.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"deactivating-the-sso-integration\"><strong><strong>To deactivate<\/strong><\/strong> <strong>the SSO Integration<\/strong><\/h3>\n\n\n\n<ol>\n<li>Log in to the <a href=\"https:\/\/console.jumpcloud.com\" target=\"_blank\" rel=\"noreferrer noopener\">JumpCloud Admin Portal<\/a>.<\/li>\n\n\n\n<li>Go to&nbsp;<strong>USER AUTHENTICATION &gt; <strong>SSO<\/strong> <strong>Applications<\/strong><\/strong>.<\/li>\n\n\n\n<li>Search for the application that you\u2019d like to deactivate and click to open its details panel.&nbsp;<\/li>\n\n\n\n<li>Select the&nbsp;<strong>SSO&nbsp;<\/strong>tab.<\/li>\n\n\n\n<li>Scroll to the bottom of the configuration.<\/li>\n\n\n\n<li>Click&nbsp;<strong>Deactivate SSO<\/strong>.&nbsp;<\/li>\n\n\n\n<li>Click&nbsp;<strong>save<\/strong>.&nbsp;<\/li>\n\n\n\n<li>If successful, you will receive a confirmation message.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"deleting-the-application\"><strong><strong>To delete<\/strong><\/strong> <strong>the application<\/strong><\/h3>\n\n\n\n<ol>\n<li>Log in to the <a href=\"https:\/\/console.jumpcloud.com\" target=\"_blank\" rel=\"noreferrer noopener\">JumpCloud Admin Portal<\/a>.<\/li>\n\n\n\n<li>Go to&nbsp;<strong>USER AUTHENTICATION &gt; <strong>SSO<\/strong> <strong>Applications<\/strong><\/strong>.<\/li>\n\n\n\n<li>Search for the application that you\u2019d like to delete.<\/li>\n\n\n\n<li>Check the box next to the application to select it.<\/li>\n\n\n\n<li>Click&nbsp;<strong>Delete.<\/strong><\/li>\n\n\n\n<li>Enter the number of the applications you are deleting<\/li>\n\n\n\n<li>Click&nbsp;<strong>Delete Application<\/strong>.<\/li>\n\n\n\n<li>If successful, you will see an application deletion confirmation notification.<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>In addition to the JumpCloud Google Workspace Cloud Directory Integration (which enables the provisioning and synchronization of your Google Workspace [&hellip;]<\/p>\n","protected":false},"author":205,"featured_media":0,"template":"","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"support_category":[2855,2991,2902],"support_tag":[],"coauthors":[2839],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.9 (Yoast SEO v22.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>SSO with Google Workspace - JumpCloud<\/title>\n<meta name=\"description\" content=\"Create a Google Workspace integration with JumpCloud using SSO.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/support\/sso-with-google-workspace\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SSO with Google Workspace\" \/>\n<meta property=\"og:description\" content=\"Create a Google Workspace integration with JumpCloud using SSO.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/support\/sso-with-google-workspace\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:modified_time\" content=\"2024-07-23T06:08:04+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/03\/Snag_26e9ed3c-1024x455.png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"5 minutes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data2\" content=\"joyjaswinski\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/support\/sso-with-google-workspace\",\"url\":\"https:\/\/jumpcloud.com\/support\/sso-with-google-workspace\",\"name\":\"SSO with Google Workspace - JumpCloud\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/sso-with-google-workspace#primaryimage\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/sso-with-google-workspace#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/03\/Snag_26e9ed3c-1024x455.png\",\"datePublished\":\"2023-06-07T19:38:39+00:00\",\"dateModified\":\"2024-07-23T06:08:04+00:00\",\"description\":\"Create a Google Workspace integration with JumpCloud using SSO.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/sso-with-google-workspace#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/support\/sso-with-google-workspace\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/support\/sso-with-google-workspace#primaryimage\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/03\/Snag_26e9ed3c.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/03\/Snag_26e9ed3c.png\",\"width\":1046,\"height\":465},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/support\/sso-with-google-workspace#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Support\",\"item\":\"https:\/\/jumpcloud.com\/support\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"SSO with Google Workspace\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"SSO with Google Workspace - JumpCloud","description":"Create a Google Workspace integration with JumpCloud using SSO.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/support\/sso-with-google-workspace","og_locale":"en_US","og_type":"article","og_title":"SSO with Google Workspace","og_description":"Create a Google Workspace integration with JumpCloud using SSO.","og_url":"https:\/\/jumpcloud.com\/support\/sso-with-google-workspace","og_site_name":"JumpCloud","article_modified_time":"2024-07-23T06:08:04+00:00","og_image":[{"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/03\/Snag_26e9ed3c-1024x455.png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"5 minutes","Written by":"joyjaswinski"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/support\/sso-with-google-workspace","url":"https:\/\/jumpcloud.com\/support\/sso-with-google-workspace","name":"SSO with Google Workspace - JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/jumpcloud.com\/support\/sso-with-google-workspace#primaryimage"},"image":{"@id":"https:\/\/jumpcloud.com\/support\/sso-with-google-workspace#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/03\/Snag_26e9ed3c-1024x455.png","datePublished":"2023-06-07T19:38:39+00:00","dateModified":"2024-07-23T06:08:04+00:00","description":"Create a Google Workspace integration with JumpCloud using SSO.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/support\/sso-with-google-workspace#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/support\/sso-with-google-workspace"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/support\/sso-with-google-workspace#primaryimage","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/03\/Snag_26e9ed3c.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/03\/Snag_26e9ed3c.png","width":1046,"height":465},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/support\/sso-with-google-workspace#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Support","item":"https:\/\/jumpcloud.com\/support"},{"@type":"ListItem","position":3,"name":"SSO with Google Workspace"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/89910"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/support"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/205"}],"version-history":[{"count":2,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/89910\/revisions"}],"predecessor-version":[{"id":113203,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/89910\/revisions\/113203"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=89910"}],"wp:term":[{"taxonomy":"support_category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_category?post=89910"},{"taxonomy":"support_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_tag?post=89910"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=89910"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}