Skip to main content
Set up SAML Single Sign-On

SAML SSO How-to

Christina avatar
Written by Christina
Updated over 4 months ago

You can sign in to Goody with Google SSO or Microsoft SSO on all plans without setting up SAML SSO. This feature allows you set up a custom SAML application for your IDP.
​
SAML SSO is available on the Team plan, or as an add-on for any plan. Contact support to subscribe to the Team plan or the add-on.

SAML SSO allows organization members to sign in to Goody using your identity provider, such as Okta, Microsoft, Google Workspace, or any other identity provider that supports SAML.

To set up SAML SSO in Goody as an organization admin, go to Organization > Settings and click Set up SAML. We have walkthrough steps available for:

Set up SAML SSO for all IDPs

  1. Set up a SAML application in your identity provider and name it Goody.

  2. Enter details from Goody into your IDP:

    1. When asked for the ACS URL, enter the ACS URL from Goody. This is the URL that your identity provider will redirect to after authenticating the user.

    2. When asked for the Entity ID, enter the SP Entity ID from Goody.

  3. Enter details from your IDP to Goody:

    1. Enter the identity provider's SSO URL into Goody's SSO URL field. This is the URL that Goody redirects to to authenticate the user.

    2. Enter the identity provider's Entity ID into Goody's Entity ID field.

    3. Enter the identity provider's certificate into Goody's Certificate field.

  4. Ensure you have mapped the user's first name to the first_name attribute, and the user's last name to the last_name attribute.

  5. Ensure your name ID format is set to Email.

  6. Click Save and enable SAML on Goody. You can now test it by signing out and back in by clicking "Sign in with SSO" on the sign in page.

Set up SAML SSO for Google Workspace

You can sign in to Goody with Google SSO without setting up a SAML application, and this is available on all plans. However, if you prefer more control, you can set up a custom SAML app.

  1. In the Google Admin console, go to Menu > Apps > Web and mobile apps.

  2. Click Add app > Add custom SAML app.

  3. Enter "Goody" as the app name and optionally upload the Goody icon found on the "App Icon" under Goody's "Set up SAML" page. Click Continue.

  4. On the Google Identity Provider details page:

    1. Copy the SSO URL into Goody's SSO URL field.

    2. Copy the Entity ID into Goody's Entity ID field.

    3. Download the certificate and paste it into Goody's Certificate field.

    4. Click Continue.

  5. In the Service Provider Details page:

    1. Copy Goody's ACS URL into the ACS URL field.

    2. Copy Goody's SP Entity ID into the Entity ID field.

    3. Ensure the Name ID is set to "Primary email".

    4. Click Continue.

  6. On the user attribute mapping page:

    1. Add a mapping from First name to first_name.

    2. Add a mapping from Last name to last_name.

    3. Click Continue.

  7. Fill out any group membership requirements as needed and click Finish.

  8. On Goody's SAML setup page, click Save and enable SAML.

  9. Turn on the SAML application in Google Admin and test it by signing out and back in by clicking "Sign in with SSO" on the sign in page.

Google Workspace can take 15-60 minutes to propagate newly created SAML applications to users. If you just set up SAML and it's not working, try again in a few minutes.

Did this answer your question?