You can set up SAML to work with your Google Workspace.
Google does not support hosting your SAML metadata XML file on their web services, but Kinde requires access to the file via URL so that certificates are always up to date. We recommend you host the file on a public web service that can be accessed by Kinde. For example, you could use an AWS S3 bucket, Cloudflare R2, or a public website.
You can make a connection available only to a specific organization, or you can create it so it can be used across any organization in your business.
Enter the Connection name. This name is what will appear on the button on the authentication screen. We will call it ‘Google Workspace’ for this example.
Enter an Entity ID. This field can be any mix of numbers and letters, as long as it matches your IdP configuration. Copy this somewhere you can access it later.
If you are adding this connection to a live environment, you will be prompted to enter an IdP Metadata URL before you can save. If you are not sure of the file location, enter any URL and we will update this later.
Enter Home realm domains. This speeds up the sign-in process for users of those domains. Note that all home realm domains must be unique across all connections in an environment. For more information, see Home realm domains or IdP discovery.
If you use home realm domains, the sign in button is hidden on the auth screen by default. To show the SSO button, select the Always show sign-in button option.
Scroll down and copy the ACS URL. Paste the URL somewhere you can access it later.
Select provisioning options.
Add a signed certificate and key if you have it. You can also do this later.
Select Save. We need to get some information from Google Workspace Console to complete these fields.
Complete the App details window:
Copy the Google Identity Provider details by selecting DOWNLOAD METADATA under Option 1. This is the file you will need to upload to a file storage location and provide a URL to finish setting up in Kinde.
Select Continue.
As mentioned at the start, you need to upload the metadata file that you downloaded to somewhere publicly accessible. This is because Google does not provide a publicly available URL for the metadata file.
Once you have completed the above steps, you should be able to see a Google Workspace sign-in button on your product’s authentication screen. Note: if you gave the enterprise connection a different name in Kinde, the button will have the name you entered.
If you can’t see the button:
Try to sign in and hopefully - success!!