You can also reach out to support@langdock.com to set up your SSO integration with assistance.

Prerequisites

  • Access to an admin account in your Langdock workspace.
  • An Google Workspace Admin account with the ability to create and manage Apps.
  • “Join by domain” must be enabled in your Langdock security settings.

Create a new custom SAML app

First, you need to create a new custom SAML app in your Google Workspace Admin console.
To do this, follow these steps:
  1. In your Admin console, navigate to the Menu and then “Apps” and then “Web and mobile apps”.
  2. Create a new custom SAML application by clicking on “Add app” and “Add custom SAML app”.
  3. Name your application (e.g. “Langdock”) and, optionally, upload an icon.
  4. Click Continue.

SAML Configuration

After creating the application, you need to configure the SAML settings, which will allow Langdock to authenticate users via SAML. First, you need to copy configuration values from the Google Workspace Admin console to Langdock. In Langdock, navigate to the Security settings and activate the “SAML Active” toggle. After this, you need to fill out the following fields:
  1. “Issuer”: can be any unique id of your custom SAML app, e.g. langdock.com
  2. “Sign on URL”: The “SSO URL” value from Google Workspace Admin console (e.g. https://accounts.google.com/o/saml2/idp?idpid=XXXXXXXXX)
  3. “Certificate”: The “Certificate” value from Google Workspace Admin console. This will be in the format of:
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
Now, you can click “Continue” in the Google Workspace Admin console to proceed with the SAML configuration. In the “Service provider details” section, you need to fill in the following values:
  1. “ACS URL”: The “Assertion Consumer Service (ACS) URL” value from Langdock
  2. “Entity ID”: The same value as the “Issuer” field in the previous step (e.g. langdock.com)
  3. “Signed response”: Make sure this is checked
You can leave the other fields empty or with their default values. (“Name ID format”: UNSPECIFIED and “Name ID”: Basic Information > Primary email). Click “Continue” to proceed. In the “Attribute mapping” section, you can leave the default values or map additional attributes if needed. Click “Finish” to complete the SAML configuration. Make sure to assign the application to the users or groups in your Google Workspace account who should have access to Langdock.

Test the SAML setup

To test the SAML setup, open seperate browser or an incognito window and navigate to https://app.langdock.com.
Enter an email address of a user in your Google Workspace account and click “Continue”.
You will be redirected to the Google login page, where you can enter your credentials.
After successful authentication, you will be redirected back to Langdock and logged in.

Troubleshooting

If you encounter any issues during the setup, please reach out to support@langdock.com for assistance.