Hanzo
PlatformHanzo IAMConnecting to IAMSAML

Google Workspace (SAML)

Use Hanzo IAM as SAML IdP for Google Workspace SSO.

This guide configures Hanzo IAM as a SAML identity provider for Google Workspace single sign-on.

Add a certificate in Hanzo IAM

Create an X.509 certificate with RSA in Hanzo IAM and download it.

Add cert

Configure the SAML application in Hanzo IAM

  1. On the application edit page, select the certificate and add your Google domain (e.g. google.com) to Redirect URLs.
  2. Set SAML reply URL to https://www.google.com/a/<your-domain>/acs. See SSO assertion requirements for the ACS URL.
  3. Copy the Sign-in page URL for the next step.

Select cert and add redirect URLs Enter the SAML reply URL field Copy the sign-in page URL

Add third-party SAML IdP in Google Workspace

  1. In Google Workspace AdminSecurityOverview, find SSO with third-party IdP.
  2. Click Add SSO profile and enable Set up SSO with third-party identity provider.
  3. Paste the Hanzo IAM sign-in page URL into Sign-in page URL and Sign-out page URL.
  4. Upload the certificate you downloaded from Hanzo IAM and save.

Configure Google Workspace

Test with a user

  1. In Google Workspace, create a user (e.g. username test).
  2. In Hanzo IAM, create a user with the same username in the correct organization and set their email.

Add a user in Google Workspace Add a user in Hanzo IAM

Sign-in flow: open the Google app (e.g. google.com) → sign in with the user’s email → redirect to Hanzo IAM → enter Hanzo IAM credentials → redirect back to Google when successful.

Final result

How is this guide?

Last updated on

AWS Client VPN (SAML)

Use Hanzo IAM as SAML IdP for AWS Client VPN.

Keycloak (SAML)

Use Hanzo IAM as SAML IdP in Keycloak.

On this page

Add a certificate in Hanzo IAM
Configure the SAML application in Hanzo IAM
Add third-party SAML IdP in Google Workspace
Test with a user