Skip to main content

Overview

This guide walks you through configuring SAML single sign-on with Google Workspace. You’ll create a custom SAML app in your Google Admin console, configure the authentication settings, and establish a secure connection between your identity provider and Langdock. Once complete, your users will be able to sign in to Langdock using their Google Workspace credentials.

Setup Checklist

Verify that you have completed these steps from the setup checklist:
  • You have access to an admin account in your Langdock workspace
  • “Join by domain” is enabled in your Langdock security settings
  • Your domain is added and verified in your Langdock security settings
  • You have a Google Workspace Admin account with the ability to create and manage Apps

Create a new custom SAML app

First, you need to create a new custom SAML app in your Google Workspace Admin console. To do this, follow these steps:
  1. In your Admin console, navigate to the Menu and then “Apps” and then “Web and mobile apps”
  2. Create a new custom SAML application by clicking on “Add app” and “Add custom SAML app”
  3. Name your application (e.g., “Langdock”) and, optionally, upload an icon
  4. Click Continue
Navigate to Apps > Web and mobile apps in your Google Admin center Click on add an App and select the option "Add custom SAML app" Give the app a name (Langdock) and add an icon and description if you want to

SAML Configuration

Langdock uses SAML 2.0 as the standard for SSO authentication. After creating the application, you need to configure the SAML settings, which will allow Langdock to authenticate users via SAML. First, you need to copy configuration values from the Google Workspace Admin console to Langdock. In Langdock, navigate to the Security settings and activate the “SAML Active” toggle. After this, you need to fill out the following fields:
  1. “Issuer”: can be any unique id of your custom SAML app, e.g., langdock.com
  2. “Sign on URL”: The “SSO URL” value from Google Workspace Admin console (e.g., https://accounts.google.com/o/saml2/idp?idpid=XXXXXXXXX)
  3. “Certificate”: The “Certificate” value from Google Workspace Admin console. This will be in the format of:
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
Now, you can click “Continue” in the Google Workspace Admin console to proceed with the SAML configuration. In the “Service provider details” section, you need to fill in the following values:
  1. “ACS URL”: The “Assertion Consumer Service (ACS) URL” value from Langdock
  2. “Entity ID”: The same value as the “Issuer” field in the previous step (e.g., langdock.com)
  3. “Signed response”: Make sure this is checked
You can leave the other fields empty or with their default values. (“Name ID format”: UNSPECIFIED and “Name ID”: Basic Information > Primary email). Click “Continue” to proceed. In the “Attribute mapping” section, you can leave the default values or map additional attributes if needed. Click “Finish” to complete the SAML configuration. Make sure to assign the application to the users or groups in your Google Workspace account who should have access to Langdock.

Test the SAML setup

To test the SAML setup, open seperate browser or an incognito window and navigate to https://app.langdock.com. Enter an email address of a user in your Google Workspace account and click “Continue”. You will be redirected to the Google login page, where you can enter your credentials. After successful authentication, you will be redirected back to Langdock and logged in.

Troubleshooting

If you encounter any issues during the setup, please reach out to [email protected] for assistance.