Google SAML SSO

Enable your employees to securely and seamlessly sign in using Single Sign-On (SSO)

Chris Morris avatar
Written by Chris Morris
Updated over a week ago

This article applies to:

Admins

Premium Procurement

Estimated time: Less than 15 mins

About this article

Enable your employees to sign in to Vendr using Single Sign-On (SSO). This article covers creating a SAML integration and connecting your SSO provider to Vendr.

How it works

When you use the Google SSO SAML integration employees will be prompted to log in to Vendr using single-sign-on through Google instead of magic links. SAML provides a quick and secure method of passing user authentications and authorizations between your identity provider and Vendr.

‍

Benefits

  • Increase security by centralizing user access to Vendr through your SSO provider

  • Provide a quick and seamless way for employees to log into Vendr – no magic links required.

Requirements

  • Vendr Admin

  • Google Admin

Note

Installing the Google SSO integration does not sync users to Vendr for assigning steps in workflows. To sync users to Vendr you'll also need to configure an Identity Provider or HRIS integration.

Overview

To allow employees to log in to Vendr using your SSO provider, you will:

Create SAML application

  1. In the Admin console, go to Menu > Apps > Web and mobile apps

  2. Click Add App > Add custom SAML app

  3. On the App Details page, enter the name of the custom app

  4. Click Continue.

  5. On the Google Identity Provider details page, click "Download Metadata" to download the XML file. Save this, you'll need it later. (Ignore "Option 2".)

  6. Click Continue.

  7. In the Service Provider Details window, enter:

    1. Entity ID: urn:amazon:cognito:sp:us-east-1_ZT4DHbbKd

    2. Name ID Format: select "ENTITY" from the dropdown list

    3. Name ID: select "Basic Information > Primary email"

  8. Click Continue.

  9. On the Attribute mapping page, under Google Directory attributes, make sure "Basic Information > Primary email" is selected.

  10. Under App attributes, enter "email".

  11. Click Finish.

  12. In the Admin console, go to Menu > Apps > Web and mobile apps.

  13. Select the SAML app you just created.

  14. In the User Access section, turn access ON for everyone (it's OFF by default).

Enable SSO in Vendr

  1. Navigate to Vendr and select admin and then SSO

  2. Select GSuite SAML as the SSO Provider

  3. Upload the downloaded metadata file from the previous step to Metadata XML field

  4. Click Submit

πŸŽ‰ Congrats! Your integration is now connected.

TIP

Vendr doesn't automatically support IdP-initiated logins. Users will be prompted to log in through Google when users log in directly from Vendr.

To enable users to login to Vendr directly from the Google dashboard add the following URL as an application bookmark:

https://app.vendr.com/#/login?via=saml&domain=YOUR_DOMAIN

Did this answer your question?