Skip to main content

Set Up Google SSO (SAML) for Your Organization

Configure Google SSO using the SAML protocol, allowing your company to access Cye platform with Google credentials.

Updated over 2 weeks ago

Overview

When Google SSO is enabled, users can sign in to Cye platform using their Google credentials via the SAML protocol — either alongside or instead of a password, depending on your organization’s login configuration.
Google acts as the Identity Provider (IdP) and Cye platform is the Service Provider (SP). The connection is configured by exchanging key details — including a metadata XML file, Entity ID, and mapped fields — between Google and Cye platform.

Note that:

  • Cye platform supports two SSO protocols: SAML, which is used with identity providers like Google and Okta; and OIDC, which is currently supported only with Microsoft.

  • While multiple login methods can be active at the same time (e.g., Google SSO and password-based login), only one SAML-based configuration can be enabled in Cye platform at any given time.

Setup: Google + Cye

1. In Google Workspace:

Only Google Workspace Admins can perform this setup. If you don’t have admin access, please contact your administrator to complete the configuration.

First, log in to the Google Workspace Admin Console. From the home screen, go to Apps in the left-hand menu — this is where you’ll begin setting up SSO:

  • Click Add App > Add Custom SAML App:

  • Assign the name "Cye" to the app, then click Continue:

  • Download the metadata XML file — you’ll upload it to Cye platform later in the process:

2. In Cye:

  • Click the Settings icon.

  • Go to Company Profile, then scroll down to the SSO section:

  • Click Edit, then check the “SSO” box to begin setup:

  • Then fill in the following field: IdP Entity ID

    • You can copy this value directly from the metadata XML file (look for entityID), or retrieve it in Google at any time by navigating to SAML app > Service Provider Details > Manage Certificates > Entity ID

  • Under Metadata, select XML (mark the circle).

    • Then upload the metadata XML file you downloaded from Google:

Click Save, and while still on this screen, copy the following Cye service provider details:

  • Cye Entity ID

  • Cye Single Sign-On URL

You’ll need to enter these in the next step, back in Google:

3. Back in Google:

  • In the Cye app setup in Google, paste the values provided by Cye platform:

    • Cye Entity ID (this appears as “ACS URL” in the Google service provider settings)

    • Cye Single Sign-On URL (this appears as “Entity ID” in the Google settings)

    → Check “Signed Response” — this is required. If not selected, login will silently fail.

    Then click Continue:

  • Map Primary Email to “Email” (this is required and cannot be validated during setup):

  • (Optional) You can map Groups if your organization uses Google Groups, but note: group membership does not affect Cye platform roles or permissions — those are managed within Cye platform.

  • Save and confirm any Google prompts.

4. Confirm the Connection:

Once setup is complete, you can verify the connection by logging into Cye platform with a Google Workspace account:

  • Complete the configuration.

  • Log into Cye via the Google SSO option.

  • If login fails, Cye will display an error. If the error is on Google’s side, Google will also display an error message.

Delete or Disable SSO:

To remove or turn off Google SSO in Cye :

  1. Go to Settings > Company Profile > SSO

  2. Uncheck the SAML SSO checkbox to disable the connection:

  • A confirmation pop-up will appear — click Close:
    (Don’t worry — you’ll finalize everything in the next step)

  • Click Save to apply your changes.

Common Pitfalls

  • Entity ID must be correct — Cye platform checks this before saving. If incorrect, a validation error will appear.

  • Signed Response must be checked in Google — login will silently fail if this is skipped.

  • Email mapping (Primary Email → Email) is required but not validated during setup — errors will only show at login.

  • Google will return an error message if the issue is on their side.

  • You can use Google SSO (SAML) and Microsoft SSO (OIDC or SAML) side by side.

  • Only one SAML configuration can be active in Cye platform at a time.

Troubleshooting

  • Login fails with a generic error
    → Check the Email field mapping in Google (Primary Email → Email)

  • Setup fails when entering Entity ID
    → Cye platform validates the Entity ID during setup. If it's wrong, you'll see an error before saving

  • SSO setup worked, but users can't log in
    → Confirm that Signed Response is checked in the Google SAML app settings

  • Can’t find the Entity ID?
    Tip: It’s included in the metadata XML file from Google. You can also retrieve it at any time:
    SAML app in Google → Service Provider Details → Manage Certificates → Entity ID

Wrap-up / Next Steps

Google SSO is now configured. You can manage or update this setup at any time from the SSO section in your Company Profile settings.

Related Articles
Set up and log in with Okta SSO
Set up Microsoft SSO with Entra ID
Configure Microsoft Entra ID for SSO
Configure SSO for login
Set up SAML SSO with Okta
Did this answer your question?