=== Google Workspace SAML App ===

As the administrative user for your Google Workspace domain, login to the [[https://admin.google.com|Google Workspace Admin page]]. 

Then Select Apps > SAML Apps from the menu on the left hand side of the screen ("hamburger menu"). 

{{::gsuite_1.png?600|}}

On the following screen, click the yellow plus (+) symbol in the bottom left to add a new SAML Application. 
Then select "Setup my own custom app"

On the next screen you will want to save the SSO URL, Entity ID and download the certificate. 

{{::ii_jl85yqk14_1656c9918e5ef030.png?600|}}

On the next page enter an Application Name that matches your Access Anywhere system, and use any Description or Logo you would like, and click next. 

Next fill out the "Service Provider Details" like so:

__ACS URL__ = Access Anywhere URL + "/saml.htm" - ex: https://filefabric.fileserverapp.com/saml.htm

__Entity ID__ = Access Anywhere URL - ex: https://filefabric.fileserverapp.com/

__Start URL__ = Access Anywhere URL - ex: https://filefabric.fileserverapp.com/

__Name ID__ = Leave as Default: Basic Information > Primary Email

__Name Format__ = Leave as Default: Unspecified

{{::gsuite_3.png?600|}}

We will set up the following mappings in the Attribute Mapping Section:

Username > Basic Information > Primary Email

email > Basic Information> Primary Email

fullname > Basic Information > First Name

groups > Employee Details > Department

phone > Contact Information> Phone Number

upn > Basic Information > Full Name

{{::ii_jl85yqkh5_1656c9918e5ef030.png?600|}}

Click Finish to complete the setup of the SAML App. 

Finally select the three dot menu for the app and select "ON for everyone" to enable all of your Google Workspace users to use this app. 

{{::gsuite_4.png?300|}}

=== Access Anywhere Auth System ===

As the Org admin, we will now enable the SAML Authentication. 

Click on: Organization > Auth Systems.

Select: Auth System > SAML 2

Fill in the following details:

__Auth System Name__ - Google Workspace SAML

__Login Button label__ - This text field will be what is displayed in the login button on the Access Anywhere login page. Use something that the users will understand like "Login with Google"

__The service provider entity ID__ - Enter the Entity ID you saved from the Google SAML App setup screen

__SSO Entry point__ - Enter the SSO URL you saved from the Google SAML App setup screen

__Logout Service Endpoint__ - https://accounts.google.com/Logout

__Certificate Data__ = Enter the certificate text you downloaded from the Google SAML App setup screen

__Fetch User Role\Group Name by id__ - Leave unchecked

__Auto create user on login__ - Check if you would like users to be auto provisioned when logging in via SAML

__Update user roles/groups on login__ - Check if you would like Access Anywhere roles to be updated on user login

__Update user info on login__ - Check to update all user information on SAML login

__User Import Fields__

Ensure the following mappings are set:

Unique user attribute > username

User login field > username

User Name field > fullname

User email field > email

Role\Group name field > groups

User Phone field > phone

{{::gsuite_5.png?600|}}
 
Click Test and then Update to save these settings