circle-info
Browser extension has been released. Send recordings with annotations and more.
Get it nowarrow-up-right
search
PricingContact SupportEnterpriseHomepageSign Up

SAML SSO with Google Workspace

Configure SAML SSO with Google

This guide walks through setting up SAML single sign-on between Google Workspace and Screendesk. After completing these steps, your team members can log in to Screendesk using their Google Workspace credentials.

circle-info

Plan Availability: Enterprise only

circle-info

Before starting, make sure you have admin access to both your Google Workspace Admin Console and your Screendesk workspace. You will also need your Screendesk service provider details — find them in Account Settings → Security → SAML SSO.

hashtag
Configuration Overview

Setting up SAML SSO with Google Workspace involves two stages: creating a custom SAML app in Google Admin, then entering Google's IdP details back in Screendesk.

You will need these Screendesk values for the Google side:

Screendesk Field
Value

ACS URL

https://app.screendesk.io/saml_callback

Entity ID

urn:screendesk.io:saml

hashtag
Step 1 — Create a Custom SAML App in Google

1

hashtag
Open the Google Admin Console

Sign in at admin.google.comarrow-up-right and navigate to Apps → Web and mobile apps.

2

hashtag
Add a new app

Click Add app → Add custom SAML app.

3

hashtag
Name the app

Enter Screendesk as the app name. Optionally upload the Screendesk logo. Click Continue.

4

hashtag
Copy the Google IdP details

On the Google Identity Provider details screen, you will see three values you need for Screendesk:

  • SSO URL — Copy this. You will paste it as the Single Sign On URL in Screendesk.

  • Entity ID — Copy this. You will paste it as the IDP Entity ID in Screendesk.

  • Certificate — Click Download Certificate to get the X.509 certificate file. You will paste its contents as the IDP Certificate in Screendesk.

Click Continue.

5

hashtag
Enter the Service Provider details

Fill in the following fields:

Field
Value

ACS URL

https://app.screendesk.io/saml_callback

Entity ID

urn:screendesk.io:saml

Start URL

Leave blank

Name ID format

EMAIL

Name ID

Basic Information > Primary email

Click Continue.

6

hashtag
Configure attribute mapping

Add the following attribute mappings so Screendesk can read user details from the SAML response:

Google Directory attribute
App attribute

Primary email

email

First name

first_name

Last name

last_name

Click Finish.

7

hashtag
Turn on the app for your users

By default, the new SAML app is off for everyone. To enable it:

  1. On the app's details page, click User access.

  2. Select ON for everyone (or select specific organizational units).

  3. Click Save.

circle-exclamation

Changes in Google Workspace can take up to 24 hours to propagate to all users, though it typically happens within minutes.

hashtag
Step 2 — Configure Screendesk

1

hashtag
Open SAML SSO settings

In Screendesk, go to Account Settings → Security → SAML SSO and click Edit SAML SSO Settings.

2

hashtag
Enter the Google IdP details

Using the values you copied from Google Admin in Step 1:

Screendesk Field
Value from Google

SSO Domain

Your company's email domain (e.g., yourcompany.com)

IDP Entity ID

The Entity ID from Google's IdP details page

Single Sign On URL

The SSO URL from Google's IdP details page

IDP Certificate

The contents of the downloaded certificate file. Open it in a text editor and paste the full text, including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.

3

hashtag
Save the configuration

Click Save Changes.

hashtag
Step 3 — Test the Connection

1

hashtag
Open an incognito window

Use a private browser window to avoid conflicts with your current session.

2

hashtag
Start the SAML login

Go to the Screendesk login page, click Sign in with SAML SSO, and enter an email address that belongs to your SSO domain.

3

hashtag
Authenticate with Google

You should be redirected to Google's sign-in page. Log in with your Google Workspace credentials.

4

hashtag
Confirm access

After authenticating, you should be signed in to Screendesk. If this is your first SAML login and Automatic account creation is enabled, a new Screendesk account will be created for you with the Member role.

hashtag
Troubleshooting

chevron-right"SAML Authentication failed" errorhashtag

This usually means the SAML response signature could not be verified. Check the following:

  • The IDP Certificate in Screendesk matches the certificate downloaded from Google Admin. Make sure you pasted the full PEM text including header and footer lines.

  • The ACS URL in Google matches https://app.screendesk.io/saml_callback exactly.

  • The Entity ID in Google matches urn:screendesk.io:saml exactly.

chevron-right"No SSO account found" errorhashtag

This means Screendesk could not find a workspace associated with the email domain. Verify that the SSO Domain field in Screendesk matches the domain part of your users' email addresses (e.g., yourcompany.com).

chevron-rightUsers are redirected but not signed inhashtag

Make sure the Name ID format in Google is set to EMAIL and the Name ID is set to Primary email. Screendesk uses the NameID to identify users, and it must be a valid email address.

chevron-rightNew users get "Ask your IT administrator" messagehashtag

This means Automatic account creation is turned off in your Screendesk SAML settings. Either enable it in Account Settings → Security → SAML SSO, or manually create the user's Screendesk account before they try to log in.

PreviousSAML SSO with Azure ADNextSAML SSO with Okta

Last updated

Was this helpful?