Skip to main content

Set Up Google SSO (SAML) for Your Organization

Configure Google SSO using the SAML protocol, allowing your company to access Hyver with Google credentials.

Updated over 5 months ago

Overview

When Google SSO is enabled, users can sign in to Hyver using their Google credentials via the SAML protocol — either alongside or instead of a Hyver password, depending on your organization’s login configuration.
Google acts as the Identity Provider (IdP) and Hyver is the Service Provider (SP). The connection is configured by exchanging key details — including a metadata XML file, Entity ID, and mapped fields — between Google and Hyver.

Note that:

  • Hyver supports two SSO protocols: SAML, which is used with identity providers like Google and Okta; and OIDC, which is currently supported only with Microsoft.

  • While multiple login methods can be active at the same time (e.g., Google SSO and password-based login), only one SAML-based configuration can be enabled in Hyver at any given time.

Setup: Google + Hyver

1. In Google Workspace:

Only Google Workspace Admins can perform this setup. If you don’t have admin access, please contact your administrator to complete the configuration.

First, log in to the Google Workspace Admin Console. From the home screen, go to Apps in the left-hand menu — this is where you’ll begin setting up SSO:

  • Click Add App > Add Custom SAML App:

  • Assign the name "Hyver" to the app, then click Continue:

  • Download the metadata XML file — you’ll upload it to Hyver later in the process:

2. In Hyver:

  • Click the Settings icon.

  • Go to Company Profile, then scroll down to the SSO section:

  • Click Edit, then check the “SSO” box to begin setup:

  • Then fill in the following field: IdP Entity ID

    • You can copy this value directly from the metadata XML file (look for entityID), or retrieve it in Google at any time by navigating to SAML app > Service Provider Details > Manage Certificates > Entity ID

  • Under Metadata, select XML (mark the circle).

    • Then upload the metadata XML file you downloaded from Google:

Click Save, and while still on this screen, copy the following Hyver service provider details:

  • Hyver Entity ID

  • Hyver Single Sign-On URL

You’ll need to enter these in the next step, back in Google:

3. Back in Google:

  • In the Hyver app setup in Google, paste the values provided by Hyver:

    • Hyver Entity ID (this appears as “ACS URL” in the Google service provider settings)

    • Hyver Single Sign-On URL (this appears as “Entity ID” in the Google settings)

    → Check “Signed Response” — this is required. If not selected, login will silently fail.

    Then click Continue:

  • Map Primary Email to “Email” (this is required and cannot be validated during setup):

  • (Optional) You can map Groups if your organization uses Google Groups, but note: group membership does not affect Hyver roles or permissions — those are managed within Hyver.

  • Save and confirm any Google prompts.

4. Confirm the Connection:

Once setup is complete, you can verify the connection by logging into Hyver with a Google Workspace account:

  • Complete the configuration.

  • Log into Hyver via the Google SSO option.

  • If login fails, Hyver will display an error. If the error is on Google’s side, Google will also display an error message.

Delete or Disable SSO:

To remove or turn off Google SSO in Hyver:

  1. Go to Settings > Company Profile > SSO

  2. Uncheck the SAML SSO checkbox to disable the connection:

  • A confirmation pop-up will appear — click Close:
    (Don’t worry — you’ll finalize everything in the next step)

  • Click Save to apply your changes.

Common Pitfalls

  • Entity ID must be correct — Hyver checks this before saving. If incorrect, a validation error will appear.

  • Signed Response must be checked in Google — login will silently fail if this is skipped.

  • Email mapping (Primary Email → Email) is required but not validated during setup — errors will only show at login.

  • Google will return an error message if the issue is on their side.

  • You can use Google SSO (SAML) and Microsoft SSO (OIDC or SAML) side by side.

  • Only one SAML configuration can be active in Hyver at a time.

Troubleshooting

  • Login fails with a generic error
    → Check the Email field mapping in Google (Primary Email → Email)

  • Setup fails when entering Entity ID
    → Hyver validates the Entity ID during setup. If it's wrong, you'll see an error before saving

  • SSO setup worked, but users can't log in
    → Confirm that Signed Response is checked in the Google SAML app settings

  • Can’t find the Entity ID?
    Tip: It’s included in the metadata XML file from Google. You can also retrieve it at any time:
    SAML app in Google → Service Provider Details → Manage Certificates → Entity ID

Wrap-up / Next Steps

Google SSO is now configured. You can manage or update this setup at any time from the SSO section in your Company Profile settings.

Related Articles
Set up and log in with Okta SSO
Set up Microsoft SSO with Entra ID
Configure Microsoft Entra ID for SSO
Configure SSO for Hyver login
Set up SAML SSO with Okta
Did this answer your question?