Skip to main content

Pattern PXM SSO with Google Workspace

Step-by-step guide for setting up Single Sign-On with Google Workspace and Pattern PXM via SAML 2.0.

Written by Caden Lindquist

Overview

Pattern PXM is a cloud-based Product Experience Management platform designed to help product brands rapidly organize, convert, manage, and share marketing content and digital assets. This article summarizes the concepts and setup of Pattern PXM Single Sign-On (SSO) with Google Workspace via SAML 2.0.

Benefits of enabling SSO:

  • Single Sign-On capabilities and enhanced security

  • Pattern PXM opens immediately for authenticated users and remembers user collections

  • Admins can view full user access history

  • Streamlined bulk user onboarding

  • Fast user access and broad system usability

Single Sign-On (SSO)

Enterprise single sign-on allows employees to access all company applications with one set of credentials. Depending on the organization, credentials may include email address, phone number, or username combined with a password. The company routes all logins through an Identity Provider (IDP) for which a license has been purchased. The IDP typically hosts a login page where employees enter corporate credentials before accessing any application.

Single Sign-On provides stronger security through a central authentication point, significantly reducing the risk of phishing attacks.

How enterprise SSO works with Pattern PXM

When enterprise SSO is enabled, user authentication is handled externally — bypassing Pattern PXM's native login. When users navigate to your Pattern PXM sign-in page or follow a link to Pattern PXM, they are authenticated by signing into your corporate server or a third-party identity provider.

The sign-in flow follows this sequence:

  1. Users navigate to your Pattern PXM subdomain.

  2. If not already authenticated, users are redirected to your corporate server or third-party identity provider login page.

  3. Users enter their sign-in credentials.

  4. If valid, users are redirected back to the Pattern PXM home page.

Note: Users can also initiate the sign-on process from your corporate server or third-party identity provider sign-in page. They will be authenticated automatically when accessing Pattern PXM. User accounts must exist within Pattern PXM to allow access — new employees must be created using their email address in Pattern PXM.

The advantage of enterprise SSO is complete control over user authentication behind your firewall. You authenticate users once against your own system, then grant access to many corporate resources — both inside and outside your firewall — without requiring separate sign-ins.

By default, Pattern PXM stores only the user's name and email address. Pattern PXM does not store user passwords.

SAML 2.0

About SAML

Secure Assertion Markup Language (SAML) is not enabled by default and requires proper licensing to activate. SAML is supported by many identity provider services, including Google Workspace, Okta, Microsoft Active Directory, and LDAP.

Implementing SSO via SAML means the sign-in process and user authentication are handled entirely outside of Pattern PXM. Users sign in to the corporate system (authenticated by Google Workspace, Active Directory, or LDAP) and click a link to access Pattern PXM, where they are automatically signed in.

Pattern PXM supports SAML on Professional and Enterprise editions.

How SAML works with Pattern PXM

  • Your users belong to a corporation where all authentication is managed by your corporate authentication system — referred to as the Identity Provider (IdP). In this case, Google Workspace serves as the IdP.

  • Pattern PXM, acting as the Service Provider (SP), establishes a trust relationship with the IdP and allows the external IdP to authenticate users, then seamlessly sign them in.

  • A user signs in at work and then has automatic access to many corporate applications — email, CRM, Pattern PXM, and more — without separate sign-in steps.

Once SAML is enabled, users who visit your Pattern PXM account and attempt to sign in are redirected to Google Workspace for authentication. Once authenticated, users are redirected back to Pattern PXM and signed in automatically.

Returning visitors are automatically authenticated if their SAML assertions are cached. Assertions are packets of security information used to make access-control decisions.

New user provisioning

A Pattern PXM user profile is automatically created for any new user who accesses your Pattern PXM account through SAML. The profile is created without a password — no separate Pattern PXM credentials are needed.

Prerequisites

To set up Google Workspace SSO in your Pattern PXM environment, you will need:

  • A Google Workspace Admin account with administrator privileges

  • The Remote Login URL for your Google Workspace SAML server (the SAML Single Sign-On URL)

  • The SHA1 or SHA2 fingerprint of the SAML certificate — X.509 certificates in PEM or DER format are supported

Once your Google Workspace SAML app is properly configured, provide the downloaded IdP Metadata XML to your Pattern PXM onboarding team to complete activation.

Google Workspace SAML setup guide

Part A — Generating certificates

  1. In Google Workspace Admin, navigate to Security > Authentication > SSO with Google as SAML IdP.

  2. Click Add Certificate and ensure that there are 2 certificates listed in your view.

  3. Proceed to Part B of this guide to create the SAML app.

Part B — Creating a SAML app in Google Workspace

  1. In Google Workspace Admin, navigate to Apps > Web & Mobile Apps.

  2. Choose Add App.

  3. Give your app a descriptive name (this is the label users will see in their app selector), add an optional description, and upload an icon (square images work best).

  4. In the next window, select Option 1: Download IdP Metadata and download your certificate XML.

  5. Click Continue.

  6. Enter the following configuration values:

  7. Click Continue.

  8. Map the following Google Workspace profile attributes to Pattern PXM user data:

    • Primary Email → email

    • First Name → firstname

    • Last Name → lastname

    • Phone Number → phone

    • Locale → language_code

  9. You can ignore any group assignments.

  10. Click Finish.

Final step: Send your downloaded IdP Metadata XML to your Pattern PXM onboarding lead. They will install the certificate in the SAML application. Once installed, you can test your SSO integration. Once completed, the Pattern PXM app will also appear in your users' Google Workspace application selector.

For additional support, contact your Pattern PXM onboarding team or visit pxm.pattern.com.

Related Articles
Pattern PXM SSO with Azure Active Directory
Pattern PXM Open API — Website Integration Guide
Did this answer your question?