How do I set up SSO in Google Workspace?
What is a How do I set up SSO in Google Workspace??
Single Sign-On (SSO) in Google Workspace lets your team sign in once to access all connected apps. IT admins can use Google as the identity provider or connect an external one like Okta or Microsoft Entra ID.
SSO lets your team sign in once and access all connected apps without logging in separately to each. You can use Google as the identity provider, or connect an external one such as Okta or Microsoft Entra ID.
Step 1: Choose an identity provider
Decide whether to use Google directly as your identity provider, or connect an external provider via SAML. Google maintains a list of supported SAML apps at support.google.com.
Step 2: Configure SSO in the Admin Console
- Go to admin.google.com.
- Navigate to Security → Authentication → SSO with third-party IdP.
- Add your SAML identity provider details: sign-in URL, sign-out URL, and certificate.
- Save and test the connection.
If you are using Google as the identity provider, no external SAML configuration is needed. Enable SSO with Google as SAML IdP instead.
Step 3: Assign access to users
- In the Admin Console, go to Apps → Web and mobile apps.
- Assign each app by organizational unit or group.
- Verify access for a test account before rolling out broadly.
Checklist before going live
| Item | Why it matters |
|---|---|
| Set up a backup super admin account with a recovery email not tied to SSO | If the identity provider goes down, you need a way back in |
| Enforce SSO for all users once tested | Avoids a split configuration where some users bypass SSO |
| Pair SSO with Google 2-Step Verification | SSO alone is not sufficient; 2-factor authentication is a separate control |