Setting up an Organisation Workspace SSO on Google Workspace

As an Organisation Admin, you can set up and configure an Organisation Workspace SSO. This will allow you to manage the authentication and access control for multiple users within an organisation. For example, the SSO can simplify the login process by allowing the users to sign in once and access multiple applications (including Pigeonhole Live) without the need to enter the login credentials again. 

Note: G Suite has transitioned its communication and collaboration tools into a more unified experience, leading to the rebranding of the platform as Google Workspace.

In this documentation, we will navigate the following steps to help you set up your Organisation Workspace SSO to prevent unauthorised access to confidential meetings and events. 

  • Navigation to Organisation SSO Setup Page
  • Create an Application on G Suite
  • Create a User on G Suite
  • Add Organisation SSO Profile

Let's get started 🚀

Navigation to Organisation SSO Setup Page

Step 1: Log in to your Pigeonhole Live account to access its dashboard. Click on your Workspace selection list from the top-left corner of the interface.

Step 2: Select your Organisation name from your workspace selection list.

Step 3: Click on the Settings button from the top navigation bar to configure the organisation's Single Sign-On setup.

Step 4: Select the Single Sign-On option from the Organisation Settings to configure access to your workspace via the company's identity provider (G Suite).

While setting up SSO for workspace users, copy the Callback URL and Service Provider Entity ID.

| Parameters | Description | Actions |
|---|---|---|
| Callback URL | The callback URL is a request parameter. It is the URL to which users are redirected once the authentication is complete. This is where your application receives and processes the response from G Suite. | Copy the Callback URL. |
| Service Provider Entity ID | An identity provider (IdP) is a service that keeps and handles digital identities. They offer a way to manage access, adding or withdrawing privileges, while security remains tight. | Copy the SP Entity ID. |

Create an Application on G Suite

Creating an application using G Suite (Google Workspace) Dashboard assigns it a client ID (a unique identifier), which you can use in your application while setting up organisation SSO for your workspace using Pigeonhole Live.

Step 1: Sign in to your G Suite account as an Admin and it will redirect you to the dashboard. Click on the Apps dropdown list from the left menu of the interface and select the Web and mobile apps option.

Step 2: Click on the Add Apps dropdown list and select the Add custom SAML app option.

This will take you to the Add custom SAML app page, where you will need to enter the application name, description & icon (optional) for your application.

Step 3: After entering the basic details for your custom SAML app, click on the Continue button.

A Google Identity Provider details page will appear, where you will find the following options to configure single sign-on (SSO) for SAML apps that will act as a bridge between G Suite and Pigeonhole Live.

  • Download the IdP metadata, which contains all the details such as SSO URL, entity ID, etc.

OR

  • Copy the SSO URL and Entity ID and download the Certificate (or SHA-256 fingerprint, if needed).

Note: The user can also download the IdP metadata file after finishing the custom SAML app integration.

A Service Provider Details page will appear, where you'll need to perform the following actions in the required fields:

| Fields | Description | Actions |
|---|---|---|
| ACS URL | The SAML response is received at the service provider's Assertion Consumer Service URL. | Paste the Callback URL. |
| Entity ID | The application defines the unique identity of the SAML assertion's intended audience. This is usually your application's SP Entity ID. | Paste the SP Entity ID. |
| Start URL (Optional) | This configures the parameter in a SAML Request, which can be a URL to redirect to after authentication. | Paste the Callback URL (Optional). |
| Name ID | Set the Name ID format and Name ID value for your custom SAML app. | Select Email as Name ID format and Name ID value as the primary email. |

After entering the required details, click on the Continue button.

After that, click on the Finish button.

Configure Application

After creating an application, you'll need to configure it for all users in the organization. This lets users log in using the application (Workspace SSO) that you set up.

Note: If you have already created a user on G Suite, you can directly follow the steps below, or else refer to this document to create a user.

Step 1: Click on Off for everyone in the application's user access section.

Step 2: Select the On for everyone option and click the Save button.

Add Organisation SSO Profile

After creating an application and user in G Suite, you can add an SSO profile for your organisation that lets you log into the application server and Data Center with G Suite credentials.

Step 1: From the Single Sign-On Page, click on the Add Organisation SSO profile button.

Step 2: A modal window will appear on the screen, where you must enter the SSO Profile name and upload the IdP metadata file. 

 

Step 3: Click on the Test configuration button to validate that the integration between G Suite and the SSO setup in Pigeonhole Live is functioning correctly.

Step 4: You will be redirected to the G Suite login page. Enter the Organisation Admin credentials (the user you created on G Suite), and click on the Next button.

After that, Google will bring you to another page where you will need to enter the password.

You will then be redirected back to Pigeonhole Live with a Single sign-on configuration message, where you need to click on the Apply new configuration button to add the Workspace G Suite SSO.

Note: If you wish to discard the new set-up and revert to your old SSO configuration, select Keep existing configuration. 

This will complete the Organisation Workspace SSO setup by adding a new SSO profile.