Skip to main content

Configure SSO with Google

availability
Platform:WebMobile
Plan Type:BasicEssentialPremiumEnterprise
User Type:RequesterFull UserAdministrator

This article explains how to set up single sign-on (SSO) for MaintainX using Google as the identity provider (IdP).

Requirements​

  • A MaintainX Enterprise account.
  • An Administrator user profile with access to the MaintainX organizations you want to set up SSO for.
  • Access to the Google Admin console with the privileges needed to set up SSO.

Get Your MaintainX Configuration Information​

  1. Log into MaintainX as an Administrator.

  2. From the sidebar, open the Settings menu and select Customizations.

  3. On the Customizations tab, go to Single Sign-On (SSO) Self-Serve and select Set SSO Preferences.

    • If MaintainX doesn't have IdP information for your organization, the Register Identity Provider dialog opens.​

      Select Create to generate your IdP information and open the Single Sign-On Configuration dialog.​

    • If MaintainX does have IdP information for your organization, the Single Sign-On Configuration dialog opens right away.​

tip

Leave the Single Sign-On Configuration dialog open. During the configuration, you will need to copy some values from Google into MaintainX and copy some values from MaintainX into the Google Admin console.

Create an App in Google​

  1. Log into the Google Admin console.

  2. From the sidebar, select Apps > Web and mobile apps.

  3. Select Add app > Add custom SAML app.

    The Add custom SAML app options appear.

  4. On the App details tab, add a name for your new app in the App name field.

    Optionally, add a Description and App icon.

  5. Select Continue to go to the Google Identity Provider Details tab.

Copy Your IdP Configuration Settings From Google to MaintainX​

In the Google Admin console:

  1. On the Google Identity Provider Details tab, note the URLs in the following fields.

    • SSO URL
    • Entity ID

    You will need to copy them into MaintainX.

In MaintainX:

  1. Open the Single Sign-On Configuration dialog

  2. Go to the Identity Provider Configuration settings.

  3. Enter the following values from the Google Admin console:

    Copy this URL from GoogleInto these fields in MaintainX
    SSO on URL
    (Starts with https://accounts.google.com/o/saml2/idp?idpid=​)    		Single Sign On (SSO) URL
    and
    Destination
    Entity ID
    (Starts with https://accounts.google.com/o/saml2?idpid=)    		Issuer URI

Download Your SAML Signing Certificate​

You need a SAML signing certificate to make Google an identity provider in MaintainX.

In the Google Admin console:

  1. On the Google Identity Provider Details tab, go to the Certificate section.
  2. Click the download icon to download the certificate.
  3. Select Continue to go to the Service provider details tab.

Copy Your SSO URLs from MaintainX to Google​

In MaintainX:

  1. Open the Single Sign-On Configuration dialog.

  2. Locate the URLs in the following fields. You will need to copy them into the Google Admin console:

    • Entity ID (Audience URI)
    • ACS URL
    • Start URL

In the Google Admin console:

  1. On the Service provider details tab, go to the General section.

  2. Enter the URLs from the MaintainX Single Sign-On Configuration in the correct fields:

    Copy this MaintainX URLInto this field in Google
    ACS URL
    Starts with: https://maintainx.okta.com/sso/saml2/    		ACS URL
    Entity ID (Audience URI)
    Starts with: https://www.okta.com/saml2/service-provider/    		Entity ID
    Start URL
    Starts with: https://app.getmaintainx.com/auth/login/saml/    		Start URL (optional)

  3. Select Continue to go to the Attribute mapping tab.

Map the Service Provider Attributes​

In the Google Admin console:

  1. On the Attribute mapping tab, add the following mappings:

    Google Directory attributesApp attributes
    Primary Emailemail
    First namefirstName
    Last namelastName

  2. Select Finish.

Upload Your SAML Signing Certificate to MaintainX​

In MaintainX:

  1. Open the Single Sign-On Configuration dialog
  2. Go to the Identity Provider Configuration settings.
  3. Select Certificate > Upload.
  4. Select the certificate you downloaded from Google earlier, and submit it.
  5. Select Update to save your settings.

Turn on SSO Access for Users​

In the Google Admin console:

  1. Log into the Google Admin console.

  2. From the sidebar, select Apps > Web and mobile apps.

  3. In the list of apps, select the app you just created to view its details.

  4. On the page for your new SAML app, select User access.

    The access settings for all organizational units appear.

  5. In the Service status section, do one of the following:

    • To turn on SSO access for all users, select ON for everyone.

    • To turn on SSO access for specific teams or organizational units, select OFF for everyone.

      Then, from the sidebar, go to the Groups or Organizational Units section and select specific groups/units.

  6. Select Save.

Next Steps​

After you configure SSO, there are a few more things you need to do to finish the setup.

  • Test your SSO setup.
  • Map your domains.
  • Set the default account type for new users.
  • Migrate your existing users to SSO.
  • Enable SSO for your other MaintainX organizations.

For more information, see Set Up SSO.