SSO setup - Google Workspace (SAML2.0)

Fill out this contact form to trial or subscribe to the SSO feature.

Splashtop supports logging into my.splashtop.com and Splashtop Business app using the same credentials as your SAML 2.0 identity provider. Please follow the below instructions to create an app from Google Workspace.

  1. Sign into your Google Admin console by going to https://admin.google.com/
  2. From the Admin console Home page, go to Menu ""and then"" Appsand thenWeb and mobile apps.
  3. Click Add Appand thenAdd custom SAML app.GW1_en-us.png
  4. Upon clicking, you will be directed to the App details page, where you can input the app's name and, if desired, upload an optional icon.
  5. Click Continue.
    GW2_en-us.png

  6. On the Google Identity Provider details page, get the setup information needed by the service provider using one of the options below. (This is Google Workspace information, not Splashtop's)
    • Download the IDP metadata.
    • Copy the SSO URL and Entity ID and download the Certificate (or SHA-256 fingerprint, if needed).
  7. Once the necessary information, you will be directed to Service Provider Details window, enter:
  8. Click Continue once you have completed the setup.
    GW4_en-us.png
  9. Attribute mapping page is optional, click the Finish button to complete the setup.

Turn on your SAML app

  1. Sign into your Google Admin console by going here: https://admin.google.com/
  2. From the Admin console Home page, go to Apps -> Web & mobile apps.
  3. Select your SAML app and click User access
  4. To turn on or off a service for everyone in your organization, click On for everyone or Off for everyone, and then click Save
    GW8_en-us.png
  5. (Optional) To turn a service on or off for an organizational unit:
    • On the left, select the organizational unit.
    • Select On or Off
    • Click Override to keep your setting if the service for the parent organizational unit is changed.
    • If Overridden is already set for the organizational unit, choose an option:
      • Inherit - Reverts to the same setting as its parent.
      • Save - Saves you new settings (even if the parent setting changes)
        Note: Learn more about Google's organizational structure 
  6. To enable a service for a specific group of users within or across organizational units, choose an access group. For more information on enabling a service for a group of users rather than the entire organization: go to turn on a service for a group
  7. Ensure that the email addresses your users use to sign in to the SAML app match the email addresses they use to sign in to your Google domain.

Apply for an SSO method from Splashtop web console

  1. Log in my.splashtop.com/ my.splahstop.eu. Go to Account info / Team tab.
  2. Scroll down to the bottom to click Apply for new SSO method.
  3. Select Google as the IDP type.
  4. Insert the required fields. We suggest the method of importing the metadata.
    GW12.png
    SP SSO2_en-us.png
  5. After clicking Save, the validation team will verify the info inserted and verify your domain ownership.

  6. We will activate the SSO method after verifying the domain ownership.

Verify that SSO is working with your custom app

After receiving the SSO method is enabled email from the Splashtop team:

  1. Sign into your Google Admin console by going here: https://admin.google.com/
  2. From the Admin console Home page, go to Apps ->Web and mobile apps.
  3. Select your custom SAML app.
  4. At the top left, click Test SAML login (your app should open in a separate tab)
    • Open the SSO URL for your new SAML app. You should be automatically redirected to the Google sign-in page.
    • Enter your username and password. (After your sign-in credentials are authenticated, you're automatically redirected back to your new SAML app.)GW7_en-us.png
false
0 out of 0 found this helpful