# Google SAML IdP

> Configure Google Workspace as a SAML identity provider for Bronto so users can sign in with their existing Google accounts via single sign-on.

Configure Google Workspace as a SAML identity provider so your users can sign in to Bronto with their existing Google accounts. You start the provider in Bronto to obtain the values to paste into Google, configure the Google SAML app, then finish the Bronto wizard.

## Step 1: Start the provider in Bronto

In Bronto, go to **Settings** > **Authentication** > **Login Methods** and click **Add Provider** in the **SSO** section. Set **Choose protocol** to **SAML**.

### Name

Pick a unique name for this IdP within your organisation (e.g. "Google").

<img src="https://mintcdn.com/bronto/87F9YexlZ_qiC--t/images/account-mgmt-images/sso/google-saml-name.png?fit=max&auto=format&n=87F9YexlZ_qiC--t&q=85&s=32788ae2233247407c9386fd37223bbb" alt="Name your provider step" width="3168" height="1860" data-path="images/account-mgmt-images/sso/google-saml-name.png" />

### Upload

On the **Upload** step, the **Paste these into your IdP** panel shows the values you need to configure the Google SAML app — the **ACS URL**, **Entity ID**, and **Default Relay State**. Keep this open while you configure Google in Step 2, then upload the metadata XML that Google gives you back into this step.

<img src="https://mintcdn.com/bronto/87F9YexlZ_qiC--t/images/account-mgmt-images/sso/google-saml-upload.png?fit=max&auto=format&n=87F9YexlZ_qiC--t&q=85&s=506b5c1041cf9218151ccea260b47345" alt="Upload IdP metadata step" width="3168" height="1864" data-path="images/account-mgmt-images/sso/google-saml-upload.png" />

## Step 2: Configure the SAML app in Google

[View the dedicated Google instructions](https://support.google.com/a/answer/6087519?hl=en#zippy=%2Cstep-add-the-custom-saml-app)

### Service Provider Details

* **Application Name -** Can be anything

* **Description -** Can be anything

* **ACS URL -** Use the **ACS URL** from the Bronto **Upload** step.

* **Entity ID -** Use the **Entity ID** from the Bronto **Upload** step.

* **Start URL -** Use the **Default Relay State** from the Bronto **Upload** step.

* **Signed Response -** Leave unchecked

* **Name ID -** Select **Basic Information** and **Primary Email**

### Attribute Mapping

Bronto requires the First name, Last name and Primary Email attributes from Basic Information. These can map to any fields, as long as you match the names used when configuring the IdP in Bronto.

If you wish to use role mapping, you must also configure attribute mapping from group membership to the attribute mapped to **custom:member\_of**. See [SSO Role Mapping](/Account-Management/SSO/SSO-Role-Mapping).

## Step 3: Finish the wizard in Bronto

Back in Bronto, upload the metadata XML from Google on the **Upload** step, then complete the remaining steps.

### Email

Add the email domains that should route to this provider (e.g. `bronto.io`). Type each domain and press **Enter**.

<img src="https://mintcdn.com/bronto/87F9YexlZ_qiC--t/images/account-mgmt-images/sso/google-saml-email.png?fit=max&auto=format&n=87F9YexlZ_qiC--t&q=85&s=7947e3f51b820a44dfde54ee8e54b462" alt="Email domains step" width="3166" height="1868" data-path="images/account-mgmt-images/sso/google-saml-email.png" />

### Map

Map your Google attributes to Bronto's required **First Name**, **Last Name**, and **Email**, matching the attribute names you configured in Google. To use role mapping, click **+ Add role mapping** and map your group membership attribute to **custom:member\_of**.

<img src="https://mintcdn.com/bronto/87F9YexlZ_qiC--t/images/account-mgmt-images/sso/google-saml-map.png?fit=max&auto=format&n=87F9YexlZ_qiC--t&q=85&s=ac24952b0008d1d726dd853439c1e175" alt="Map IdP attributes step" width="3166" height="1860" data-path="images/account-mgmt-images/sso/google-saml-map.png" />

Click **Save** to create and enable the IdP.
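Sign-in failures after saving usually trace back to an attribute name that differs between Google's **Attribute Mapping** and Bronto's **Map** step, or to a Name ID whose domain was not added on the **Email** step. The following is an added example, not Bronto's or Google's code: it checks a decoded assertion from a test sign-in against the names and domains you configured. The attribute names (`firstName`, `lastName`, `email`, `groups`) and the sample assertion are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not real Google output); attribute names are
# hypothetical and stand for whatever you entered under Attribute Mapping.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="firstName"><saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="lastName"><saml:AttributeValue>Ng</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="email"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def check_assertion(xml_text, mapping, routed_domains):
    """Return a list of problems; an empty list means the mapping lines up.

    mapping: Bronto field -> attribute name configured in Google.
    routed_domains: domains entered on the Bronto Email step.
    Checks structure only; it does not verify the XML signature.
    """
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected in SAML")
    root = ET.fromstring(xml_text)
    problems = []

    name_id = root.findtext(".//saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    domain = name_id.rpartition("@")[2].lower() if "@" in name_id else ""
    if not domain:
        problems.append("NameID is not an email address")
    elif domain not in {d.lower() for d in routed_domains}:
        problems.append(f"NameID domain {domain} is not routed to this provider")

    sent = {}  # attribute name -> non-empty values present in the assertion
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        sent[attr.get("Name")] = [v for v in values if v]
    for field, attr_name in mapping.items():
        if attr_name not in sent:
            problems.append(f"{field}: attribute '{attr_name}' missing from assertion")
        elif not sent[attr_name]:
            problems.append(f"{field}: attribute '{attr_name}' is empty")
    return problems
```

Call `check_assertion(SAMPLE_ASSERTION, {"First Name": "firstName", "Last Name": "lastName", "Email": "email"}, ["example.com"])` and add a `"custom:member_of"` entry to the mapping when you use role mapping; each returned string names the field to fix.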
