You can choose to enforce SAML SSO for with Google for added security. Once set up, users in your organization can use their managed Google account credentials to sign in to via Single Sign-On (SSO.)

In this Article:

  • Connect SSO to 

Connect SSO to

To connect your SSO to your instance of, please follow the instructions listed here: Steps to setup SSO

After you have enabled SSO within, the next step is to create an App within you SSO:

1. Sign in to your Google Admin console and navigate to Apps > SAML Apps

2. Click on the (+) icon in the bottom right and select ‘Set up my own custom app’

3. Fill out the basic information: Add a name and description for

4. Copy the following fields from Google to

  • SSO URL: Enter in the "SAML 2.0 URL" field in

  • Entity ID: Enter in the "Identity Provider Issuer URL" field in

  • Download the certificate, copy the value between `<ds:X509Certificate> & </ds:X509Certificate> and paste it to the "Public (X.509) Certificate" field in

5. Click ‘Next’ to fill out the Service Provider Details. The "SAML Name" from should be copied to the "ACS URL field" and "Entity ID." Use the Name ID Format shown below, and leave ‘Signed Response’ unchecked.

6. Click ‘Next’ to set up the attribute mapping as shown below:

7. Enable the SAML App for all users in your organization or select the ones who will be using

8. Verify with Navigate to the Login Page and select SAML SSO. Provide your email when prompted and verify with Google Apps.


Q. What to do when there is an error message: ‘Error: app_not_configured_for_user. Service is not configured for this user.’?

A. Check that the X509 certificate value is correctly entered in Ally. Only the value given for the X509 certificate should be copied and pasted, not the whole XML data.


Did this answer your question?