Skip to main content

Set up SSO with SAML

Workspaces can set up single sign-on (SSO) using SAML for Google and Microsoft

This guide will walk you through configuring Single Sign-On (SSO) using Security Assertion Markup Language (SAML) for Google and Microsoft in splose.

Before you begin

Notes:

  • You must be the Account owner to set up SSO

  • You will need a Google Workspace or Microsoft Azure administrator account, or set up with another Identify provider.

  • splose currently supports only SAML based SSO with Microsoft Entra ID (formerly Azure Active Directory) and Google Workspace. Whilst SAML should support other identity providers, we do not currently provide documentation on using them. If you have any questions about an identity provider other than Google and Microsoft, please contact our support team.

Tips:

  • You will still need to set up users in splose manually

  • If you select login via SSO only in splose settings then users have no option to login via a password and the reset password function is not accesible

  • When deprovisioning users or revoking access to splose, with SSO you should:

    • Remove their access from the splose SSO SAML app in Google or Microsoft

    • Go to User settings in splose and click "log out everywhere"

Setting up SSO SAML for splose

Regardless of your Identity Provider i.e. Google, or Microsoft, the process on setting up SAML remains the same from the splose settings.

Go to Settings and select the Security tab.

Screenshot of the splose Settings page showing the Security tab

Click the toggle under Single sign-on (SSO) to show the SSO settings.

You will see that the Identifier (Entity ID) and Reply URL (ACS URL) are not editdable.

Screenshot of the splose SSO SAML settings showing the Identifier (Entity ID) and Reply URL (ACS URL) fields

Configure SSO

Identity Provider configuration

The two items fields for Identifier (Entity ID) and Reply URL (ACS URL) will be used to copy and paste into your Identity Provider's SAML settings.

Service Provider configuration

The fields Login URL (SSO URL) and Certificate (Base64) will be populated with the fields provided by your Identity Provider. See below for. Google Workspace and Microsoft Entra ID steps.

Login settings

Under Login settings, you have the choice of allowing users to log in using their splose username and password as well as use Single Sign-On, or enforce users to sign in only with SSO.

You can also configure the "Require users to re-authenticate after" to require users to re-authenticate via SSO after a particular time period.

​Setting Up SSO SAML for Google Workspace

For more in-depth instructions, see the Google support guides.

Log in to your Google Workspace administrator console

Navigate to Apps > Web and mobile apps in the left-hand menu

Screenshot of the Google Workspace Admin Console showing the Apps menu with Web and mobile apps option

Click Add App from the dropdown list bar and select Add custom SAML app

Screenshot of the Google Workspace Add App dropdown showing the Add custom SAML app option

In stage 1: App details, enter an App name, such as "splose" and click Continue.

Screenshot of the Google Workspace SAML app setup showing stage 1 App details with the app name field

In stage 2: Google Identity Provider detail.

  1. Copy the SSO URL and paste it to the Login URL (SSO URL) field in the splose Single Sign-on settings.

  2. Copy the Certificate and paste it to the Certificate (Base64) field in the splose Single Sign-on settings.

    Screenshot of the Google Identity Provider details page showing the SSO URL and Certificate fields to copy for splose

Click Continue.

In stage 3: Service provider details:

  • Copy the Reply URL (ACS URL) from splose and paste it into Google's ACS URL field

  • Copy the Identifier (Entity ID) from splose and paste it into Google's Entity ID field

Leave all other fields, unless otherwise required by your organisation.

Screenshot of the Google SAML app stage 3 service provider details form with ACS URL and Entity ID fields

In stage 4: Attribute mapping, simply click Finish.

Screenshot of the Google SAML app stage 4 attribute mapping page with the Finish button

You will be redirected back to the splose SAML app page.

Screenshot of the Google SAML app page showing the user access section to enable the app for users

Select ON for everyone to ensure all users logging into splose must log in with SSO.

Screenshot of the Google SAML app user access settings showing the ON for everyone option selected


Go to your splose workspace and click "Test your configuration in splose" to validate you have set this up correctly.

Screenshot of the splose SSO settings showing the Test your configuration in splose button

Once successfully configured, a new tab will open with the message. "Your SSO is working properly. Please save your changes".

Once you see this, click Save.

Please note that it takes a few minutes for validation. Continue to click Test your configuration every few minutes until validated.

Setting Up SSO SAML for Microsoft

For more in-depth instructions see the Microsoft support guides

Log in to your Microsoft Azure administrator portal

Navigate to Microsoft Entra ID

Click + Add, then select Enterprise application.

Screenshot of the Microsoft Entra ID page showing the Add button with Enterprise application option

Select + Create your own application.

Screenshot of the Microsoft Entra ID enterprise applications page showing the Create your own application button

Enter an app name, such as "splose" and select Integrate any other application you don't find in the gallery (Non-gallery).

Screenshot of the Microsoft create application form showing the app name field and Non-gallery integration option selected

Click Create.

Select 2. Set up single sign on.

Screenshot of the Microsoft Entra enterprise application overview showing the Set up single sign on option

Select SAML

Screenshot of the Microsoft single sign-on method selection showing SAML as the selected option

Under Step 1: Basic SAML Configuration, click Edit.

Screenshot of the Microsoft SAML-based sign-on page showing Step 1 Basic SAML Configuration with the Edit button

Under Identifier (Entity ID) click Add Identifier and paste splose' Identifier (Entity ID) and under Reply URL (Assertion Consumer Service URL) click Add reply URL and paste splose' Reply URL (ACS URL)

Screenshot of the Microsoft Basic SAML Configuration form showing the Identifier (Entity ID) and Reply URL (ACS URL) fields

Click Save

Skip step 2 and go to step 3: SAML Certificates, and Download Certificate (Base64) Download.

Screenshot of the Microsoft SAML certificates section showing the Certificate (Base64) download option

📝 Note: This will download a '.cer' file which is not a readable format. You will need to open the file in a text editor software to be able to copy the raw text.

Go to your splose workspace and click "Test your configuration in splose" to validate you have set this up correctly.

Screenshot of the splose SSO settings showing the Test your configuration in splose button

Once successfully configured, a new tab will open with the message. "Your SSO is working properly. Please save your changes".

Once you see this, click Save.

Please note that it takes a few minutes for validation. Continue to click Test your configuration every few minutes until validated.

Related Articles
Set up two-factor authentication
Set up Stripe
Set up Google Meet integration
Set up Google Tag Manager in online bookings
Set up the QuickBooks integration
Did this answer your question?