Back to TravelPerk Contact us Request demo

Articles in this section

How can I set up SSO for Google (SAML)?

  • Updated

What you'll learn in this article: If your company uses GSuite (Google) as an identity provider under SAML 2.0, you can easily set up SSO on your own. 

Setting up a new SSO  integration for GSuite with SAML

Who can set up this feature?
  • You need to have admin rights in both TravelPerk and GSuite to be able to set this up
  • Both TravelPerk and GSuite need to be open and accessible to finalize the integration

To configure a new SSO integration, follow these steps:

  1. Go to Company settings > Integrations > SSO
  2. Click on Set up
  3. Click on SAML and create a New integration

Screenshot_2020-11-11_at_13.30.49.png

Once you've created a New integration, you'll need to configure it:

  1. Open your Google admin console → AppsSAML Apps → Add Custom SAML App
    Screenshot_2020-11-16_at_10.40.21.pngScreenshot_2020-11-16_at_10.41.03.png
    Screenshot_2020-11-16_at_10.41.51.png
  2. Give your new SAML app a name
  3. Configure your new SAML App

From your Google app configuration to TravelPerk:

  1. Copy SSO URL and paste it in IdP SSO service URL
  2. Copy Entity ID and paste it in IdP entity ID
  3. Copy Certificate and paste it in x509 cert
  4. Click on Continue in your Google Admin Console
  5. Screenshot_2020-11-16_at_10.42.30.png
    Screenshot_2020-11-11_at_20.16.22.png

From TravelPerk to your Google app configuration:

  1. Copy SP Assertion Consumer Service URL and paste it in ACS URL
  2. Copy SP entity ID and paste it in Entity ID
  3. Optionally you can set the StartURL, with the following format: https://{company}.travelperk.com
  4. Make sure that:
    • signed response is checked
    • the Name ID format is EMAIL
    • Name ID is Basic information > Primary email
  5. Click on Continue
    Screenshot_2020-11-16_at_11.20.27.png
  6. The attribute mapping needs to look like the following:
    Screenshot_2020-11-16_at_11.22.00.png
    Where:
    Google Directory Attributes App Attributes
    First Name User.FirstName
    Last Name User.LastName
    Primary Email User.email

Please make sure that the attribute mapping looks exactly like we are showing in this Help Center article. Capital letters and punctuation signs included.

 

Set up will be complete once you Finish in Google and Create integration in TravelPerk.

Remember! You will need to configure the User Access from GSuite to choose who should be able to access TravelPerk, as it is OFF for everyone by default. 

 

Optional next steps

There are other features you can take advantage of when enabling SSO for your company. You will find the configuration screen once you have clicked on Create integration and the integration was created successfully:

  • Create users when they sign in. If you ever wonder if all your employees have access to TravelPerk, turn this on and we will create the user on the fly. We won't create a user if the person doesn't have access to the app from GSuite.
  • Update users when they sign in. We'll match TravelPerk's information to the information received by the IdP.
  • Customize your sign in button

Related articles