What you'll learn in this article: If your company uses GSuite (Google) as an identity provider under SAML 2.0, you can easily set up SSO on your own.
Setting up a new SSO integration for GSuite with SAML
- You need to have admin rights in both TravelPerk and GSuite to be able to set this up
- Both TravelPerk and GSuite need to be open and accessible to finalize the integration
To configure a new SSO integration, follow these steps:
- Go to Company settings > Integrations > SSO
- Click on Set up
- Click on SAML and create a New integration
Once you've created a New integration, you'll need to configure it:
- Open your Google admin console → Apps → SAML Apps → Add Custom SAML App
- Give your new SAML app a name
- Configure your new SAML App
From your Google app configuration to TravelPerk:
- Copy SSO URL and paste it in IdP SSO service URL
- Copy Entity ID and paste it in IdP entity ID
- Copy Certificate and paste it in x509 cert
- Click on Continue in your Google Admin Console
From TravelPerk to your Google app configuration:
- Copy SP Assertion Consumer Service URL and paste it in ACS URL
- Copy SP entity ID and paste it in Entity ID
- Optionally you can set the StartURL, with the following format: https://{company}.travelperk.com
- Make sure that:
- signed response is checked
- the Name ID format is EMAIL
- Name ID is Basic information > Primary email
- Click on Continue
- The attribute mapping needs to look like the following:
Where:
Google Directory Attributes App Attributes First Name User.FirstName Last Name User.LastName Primary Email User.email
Please make sure that the attribute mapping looks exactly like we are showing in this Help Center article. Capital letters and punctuation signs included.
Set up will be complete once you Finish in Google and Create integration in TravelPerk.
Remember! You will need to configure the User Access from GSuite to choose who should be able to access TravelPerk, as it is OFF for everyone by default.
Optional next steps
There are other features you can take advantage of when enabling SSO for your company. You will find the configuration screen once you have clicked on Create integration and the integration was created successfully:
- Create users when they sign in. If you ever wonder if all your employees have access to TravelPerk, turn this on and we will create the user on the fly. We won't create a user if the person doesn't have access to the app from GSuite.
- Update users when they sign in. We'll match TravelPerk's information to the information received by the IdP.
- Customize your sign in button