You can set up SAML to work with your Google Workspace.
Google does not support hosting your SAML metadata XML file on their web services, but Kinde requires access to the file via URL so that certificates are always up to date. We recommend you host the file on a public web service that can be accessed by Kinde. For example, you could use an AWS S3 bucket, Cloudflare R2, or a public website.
Sign in to both Kinde and the Google Workspace Admin Console in separate tabs or windows, so that you can switch back and forth.
In Kinde, go to Settings > Authentication.
Scroll down to Enterprise Connections and select Add connection.
Select Google Workspace and then select Save.
On the Google Workspace tile, select Configure.
In the dialog that appears:
Enter Home realm domains. This speeds up the sign-in process for users of those domains. Note that all home realm domains must be unique across all connections in an environment. For more information, see Home realm domains or IdP discovery.
If you use home realm domains, the sign-in button is hidden on the auth screen by default. To show the SSO button, select the Always show sign-in button option.
Scroll down and copy the ACS URL. Paste the URL somewhere you can access it later.
Complete the App details window:
Copy the Google Identity Provider details by selecting DOWNLOAD METADATA under Option 1. This is the file you need to upload to a file storage location; you then provide its URL to finish the setup in Kinde.
Select Continue.
As mentioned at the start, you need to upload the metadata file that you downloaded to somewhere publicly accessible. This is because Google does not provide a publicly available URL for the metadata file.
Once you have completed the above steps, you should be able to see a Google Workspace sign-in button on your product’s authentication screen. Note: if you gave the enterprise connection a different name in Kinde, the button will have the name you entered.
If you can’t see the button:
Try to sign in and hopefully - success!!
Before you delete a connection, make sure that there are no users relying on it for authentication. Once deleted, the sign-in option becomes unavailable to users. This action can’t be reversed.