If your organization already uses an Identity Provider (IdP) such as Google, Active Directory, Azure AD, ForgeRock, Okta, or Ping Identity, then you can integrate Fugo with these external IdPs by using federation. When federation is set up, users can use Single Sign-On to sign in to their third-party IdP, then access Fugo directly without a second sign-in.
In this article we will show you how to federate your Fugo account with your Google IdP.
The federation lets employees use their existing organization identity and credentials to sign in to Fugo CMS.
Using SSO can provide several advantages:
It improves the user experience by letting users authenticate with their existing credentials, reducing how often they need to enter them.
It lets you centrally manage your organizational users from your IdP.
It improves security, since you don't have to share and synchronize passwords with Fugo.
What is SAML
Fugo offers a SAML-based integration with Google SSO that provides partner companies with full control over the authorization and authentication of hosted user accounts that can access web-based applications.
Using the SAML model, Google acts as the service provider
Step 1: Configure Fugo SSO from Google Admin console
To set up SAML-based SSO with a custom application, follow the steps below:
Go to your Google Admin console (at admin.google.com)
Go to Apps > Web and mobile apps.
Click Add App > Add custom SAML app.
On the App Details page:
Enter the name of the Fugo app: Fugo SAML
(Optional) Add Fugo's app icon.
Click Continue
On the Google Identity Provider details page, enter the following information into your Fugo Account Single Sign On Configuration page (Check step 1 of "Step 2: Configure SSO from your Fugo account")
Copy the SSO Url from the details into the Login Url and Logout Url fields of the Fugo SSO SAML Form
Enter the domain name: Domains are used to determine which users are affiliated with your organization when they enter their email address on Fugo's company login screen. Click on the Add domain button if you want to add multiple domains
Copy the Certificate from the details page into the Fugo Certificate field; make sure to remove the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines when copy-pasting.
Lastly, please confirm that your identity provider is using the RSA_SHA256 signature algorithm. If your identity provider is using a different signature algorithm, please contact us at support@fugo.ai
Once done click Continue
Generated Information
You should now see ACS Url and Entity Id appear below SSO on your form. Copy and paste them into your Service Provider to complete the SSO setup.
(Optional) Check the Signed Response box if your service provider requires the entire SAML authentication response to be signed. If this is unchecked (the default), only the assertion within the response is signed.
The default Name ID is the primary email:
Name ID format: Email
Name ID: Basic Information > Email
Once done click Continue
User Provisioning
On the Attribute mapping page, click Add another mapping to map additional attributes.
Under Google Directory attributes, click the Select field menu to choose a field name.
First Name ⇒ firstName
Last Name ⇒ lastName
fugo_role ⇒ fugo_role
space_role ⇒ space_role
Click Finish
Ensure that the app is enabled for all users by setting it to ON for everyone in the Service Status.
Update User custom attributes
Go to Users under Directory in your left pane and choose Manage custom attributes under More Options
Click Add Custom Attribute and fill out the form:
Category: Fugo attributes
Custom Field Name: fugo_role
Click Save to continue
Assigning Fugo Roles & Space Memberships From Your IDP
You can now assign Fugo Roles and Fugo Space memberships when adding users to your account from your IDP. To invite new users, you simply need to make the Fugo app available for them from your IDP. When they sign in for the first time, they will be automatically added to your account with roles and space memberships as specified under the User Provisioning section.
Please note that the fugo_role attribute now requires a role name that matches the roles in your Fugo account. If the Fugo role name is not found, the new user will be assigned the default role.
Additionally, the fugo_space attribute requires a space name that matches an existing space in your account. Otherwise, the user will be added to a root space.
The default role is the admin role, but it can be set to any other existing role from the Roles section.
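To check a test sign-in against the settings above (RSA_SHA256, Signed Response, Name ID format, attribute mapping, role fallback), the following added example, which is not Fugo's or Google's code, inspects a base64-decoded SAMLResponse from your own login. The function names, role names and sample values are constructed, and it assumes the Email Name ID format is sent as the standard SAML emailAddress URI; it reports configuration findings only and does not verify signatures.

```python
import xml.etree.ElementTree as ET
NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
EMAIL_FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"  # assumed URI for "Email"
MAPPED = ("firstName", "lastName", "fugo_role", "space_role")  # names from the mapping step

def check_response(xml_text, known_roles):
    """List configuration findings for a decoded SAMLResponse (no signature verification)."""
    root = ET.fromstring(xml_text)
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return ["no plaintext Assertion in the response"]
    findings = []
    # Direct children only: Signed Response adds the outer signature, the default signs the assertion.
    sigs = {"response": root.find("ds:Signature", NS),
            "assertion": assertion.find("ds:Signature", NS)}
    if all(s is None for s in sigs.values()):
        findings.append("neither response nor assertion is signed")
    for scope, sig in sigs.items():
        method = None if sig is None else sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
        alg = None if method is None else method.get("Algorithm")
        if sig is not None and alg != RSA_SHA256:
            findings.append(f"{scope} signature algorithm is {alg}, expected RSA_SHA256")
    name_id = assertion.find("a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FMT:
        findings.append("NameID format is not Email")
    attrs = {at.get("Name"): (at.findtext("a:AttributeValue", "", NS) or "").strip()
             for at in assertion.findall("a:AttributeStatement/a:Attribute", NS)}
    findings += [f"attribute {n} missing or empty" for n in MAPPED if not attrs.get(n)]
    role = attrs.get("fugo_role")
    if role and role not in known_roles:
        findings.append(f"fugo_role {role!r} not found in account: the default role will be assigned")
    return findings

def sample(alg=RSA_SHA256, role="Editor"):
    """Constructed response for the demo; signature values are omitted, not real."""
    sig = (f'<ds:Signature xmlns:ds="{NS["ds"]}"><ds:SignedInfo>'
           f'<ds:SignatureMethod Algorithm="{alg}"/></ds:SignedInfo></ds:Signature>')
    vals = {"firstName": "Ada", "lastName": "Example", "fugo_role": role, "space_role": "Viewer"}
    attrs = "".join(f'<a:Attribute Name="{k}"><a:AttributeValue>{v}</a:AttributeValue></a:Attribute>'
                    for k, v in vals.items() if v)
    return (f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}"><a:Assertion>{sig}'
            f'<a:Subject><a:NameID Format="{EMAIL_FMT}">ada@example.com</a:NameID></a:Subject>'
            f'<a:AttributeStatement>{attrs}</a:AttributeStatement></a:Assertion></p:Response>')

if __name__ == "__main__":
    print(check_response(sample(role="Edtior"), known_roles={"Admin", "Editor"}))
```

A misspelled role name is the finding to watch for, because the user is then given the default role, which is the admin role unless you have changed it.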
Step 2: Configure SSO from your Fugo account
An account is already created for you for testing:
Go to your Fugo Account by pressing on the top right corner
Choose the Single-Sign On tab
First, choose SAML 2.0 and name your Identity Provider: this can be anything, but it's good to make it recognisable
Then fill out the rest of the form according to Step 6 under Step 1: Configure Fugo SSO from Google Admin console
When done, click Save Settings
Login using SAML SSO
Log out from your Fugo account
Click the Sign in with Single Sign On link on the registration page
Enter your email address and click Sign In
You will be asked to authenticate with your Google IdP
If this is your first time using Fugo SSO, you will be asked to link your IdP account with your existing Fugo account:
Click on Add to existing account
Enter your Fugo Email and Password to confirm you own the Fugo account
When you press Sign In, you will be redirected to your Fugo Account
🤭 This is a one-time-only step. You will not be asked to repeat it next time you use Fugo to Login.
And you’re done! Hopefully, this guide has wrapped up any questions you might have had, but if you are still running into issues after walking through the steps above, please drop our support team an email at support@fugo.ai - we're always happy to help out!