To set up your Qase account with SSO/SAML and Google Workspace, you'll need to take the following steps:

1. Sign in to the Admin Console of your Google Workspace account. You'll need to be a G Suite account administrator

2. Click through the "Apps - Manage apps and their settings" icon

Screenshot_2020-07-15_at_01.07.26.png

3. Click on "SAML Apps"

Screenshot_2020-07-15_at_01.08.00.png

4. Click on the yellow plus button on the bottom right to add a new app

Screenshot_2020-07-15_at_01.09.23.png

5. In "Step 1", click on "Setup my own custom app" on the bottom:

Screenshot_2020-07-15_at_01.11.12.png

6. Copy the SSO URL, EntityID and download the Certificate. We will use them on the next steps. Click on the "Next button".

Screenshot_2020-07-15_at_01.11.53.png

7. Fill the form with the application name and description. We suggest using "Qase" as the name of the app - it will be easier to find it in the future. Also, you can upload a logo. After the form is complete, click on the "Next" button.

Screenshot_2020-07-15_at_01.12.36.png

8. On this step, you will need to fill the form with the following details:

ACS URL: https://app.qase.io/saml/acs

Entity ID: https://app.qase.io/saml/metadata

Start URL: https://app.qase.io

Signed Response: Checked

Name ID: Basic Information / Primary Email

Name ID Format: EMAIL

After you fill the form with necessary data, click on the "Next" button.

Screenshot_2020-07-15_at_01.13.31.png

9. If you want to save the user's first name, last name, and job title in Qase, you need to add attribute mapping fields. That can be done by clicking on the "Add new mapping" button and selecting the values like on this screenshot:

Screenshot_2020-07-15_at_01.14.19.png

10. Google setup is complete. Now you need to go to the Qase security page and link your account with Google's credentials. Click on the "Enable SSO/SAML" toggle button and fill the form:

SAML Sign-in URL: paste SSO URL from step 6.

Identity Provider Issuer: paste EntityID from step 6.

Key x509 Certificate: open downloaded in step 6 certificate in any editor, copy its content, and paste in the textarea.

Domains: provide a list of domains separated by a comma, that will be used for SSO. Public domains like gmail, hotmail, and etc are not allowed.

Default role: choose a default role that will be granted to the new users.

If you want new users who join your team to become a read-only by default, check "Automatically add new users as read-only members" checkbox.

After the form is filled, click on the "Save" button.

qase_sso_setup.png

Setup is complete. Now you can logout from the app and log in through the SSO login form.

Did this answer your question?