How to connect G-Suite SSO

Find out how to set up Google SSO on AirMason

Judith avatar
Written by Judith
Updated over a week ago

Organization URL:

In this article, we'll be referencing this URL at a couple of places. You can figure out what to use there by going to Manage Organization > Configuration

If you've custom domain setup on AirMason
- then your Organization URL will be your custom domain (Eg:
- otherwise it will be<company-handle>, where <company-handle> is company handle that you've set up. (Eg:

Setting up AirMason app on G-Suite:

  1. Login into using google admin account

  2. Then follow these steps to create Google saml app

    1. Go to “Apps” > “Web and mobile apps”

    2. Click Add App and click Add custom SAML app

  3. App details

    1. App name = AirMason

    2. App Icon

      1. Click on image to download and save the AirMason logo

    3. Click continue

  4. Google Identity Provider details

    1. Click continue

  5. Service provider details

    1. ACS URL and Entity ID is your https://organization URL/gg_sso/saml2

    2. NAME ID should match the following image

    3. Click continue

  6. Attributes

    1. Match your mapping with the following image:

    2. Click Finish

  7. Once the app is created, go to “User access” and select employees you want to give access to.

Connecting G-Suite SSO app to AirMason:

  1. Go to G-Suite app and click on "DOWNLOAD METADATA" button
    1.1. Your browser URL should be looking something like this: . In this example URL, 587527004653 is AppID. Copy your AppID from your URL (we would be using it later)
    1.2. From the download metadata page, copy your Entity ID and Certificate
    1.3. From your Entity ID field, copy idpid. If Entity ID looks like this then C03e14v76 is idpid.

  2. Now, login to and go to Integrations page

  3. Select GSuite app from SSO applications and click on Connect and set the following params:
    3.1. Issuer URL as Entity ID value from Step 1.2.
    3.2. Certificate as Certificate value from Step 1.2.
    3.3. SAML 2.0 Endpoint as<idpid>&spid=<AppID>&forceauthn=false (replace <AppID> with your AppID value from step 1.1. and <idpid> with your app's idpid from step 1.3.). Your final URL should look something like this:

Testing GSuite SSO as employee:

  1. Go to your Organization URL. It should show you login page for viewing your handbooks

  2. Click on "Login with Google SSO"

  3. It should take you to login using google SSO credentials (if you are not logged in)

  4. Once you log in, it should bring you back to AirMason and you should be able to view handbooks you've access to (similar to what is shown below).

Did this answer your question?