Google Workspace Settings

Configure settings to use Google Workspace SAML2.0 authentication to log in to your ovice account. If you want to set up SAML authentication for multiple spaces in a hierarchical structure (building), please refer to the following.
SAML authentication settings for hierarchical structure (building)

 

Advance Preparation

1. Make sure you have the necessary permissions 

  • Google Workspace Administrator privileges
  • ovice Administrator privileges

2. Click on the hamburger menu at the top left of the ovice screen and select the "Space" tab on the main menu
*If you are not the organization owner, there is no need to select the tab.

3. Click “Space Settings” → “Permissions” → “Authenticate with email address” under “Allow access as a member”

4. Select the “SSO Authentication” tab

5. Click the + button for “SAML Authentication Setup”

6. Enter any name for IdP name

This name will appear on the space URL login screen.

7. Enter the space URL (https://〇〇.ovice.in) in the IdP logout URL

*You will enter the entity ID and IdP login URL later.

 

8. Select redirect destination

Select the screen each user will be redirected to when they log in.

Space | Redirect into space
Lobby | Redirect to lobby screen (space list)

 

Do not close the ovice settings screen in this state.

 

Google Workspace Settings

1. Access Google Admin Console

2. "Apps" → "Web and mobile apps" → "Add app" → "Add custom SAML app"

3. Enter any name in "App name" and click "Continue"

*As an option, you can set the app icon and description.

6. Copy and paste the following items from Google to the ovice settings screen prepared in advance and click "Save".

Google Workspace Settings Screen (copy source) | ovice Settings Screen (paste destination)
SSO URL | IdP login URL
Entity ID | Entity ID
Certificate | IdP x509 certificate

 

[Screenshot: the left side is Google Workspace, and the right side is the ovice settings screen.]

7. Click “Continue”

8. Copy and paste the following items displayed on the ovice settings screen to "Service provider details" in Google Workspace.

ovice settings screen (copy source) | Google Workspace settings screen (paste destination)
identifier | Entity ID
Reply URL | ACS URL
Login URL | Start URL (optional)

 

[Screenshot: the left side is Google Workspace, and the right side is the ovice settings screen.]

8. Set name ID as below

Name ID format | EMAIL
Name ID | Basic information > Primary email

 

9. Click “Continue”

10. Click “Add Mapping”

Please set the following two items.

Basic information | App attributes
First name | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
Primary email | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

 

11. Click “Finish”

12. Reopen the app and click "User Access"

13. Select the users, groups, and organizations you want to add to the app, turn on "Service status" and click "Save"
 
 

[Optional] Add SAML authentication to access permission settings

By combining ovice's public settings and access permission settings, it is possible to allow only users who have performed SAML authentication to access the space.

1. Scroll down on the ovice SSO settings screen and check the SAML authentication settings you created under "Activate SSO authentication"

2. Click “Save”

 

Login using Google Workspace

Please refer to the following and try logging in.
Log in using space-specific SSO (SAML authentication, etc.)

 

If Login using Google Workspace Fails

If "404. That's an error" is displayed, please check the following:

  • It takes about 5 minutes for the SAML settings to take effect, so please wait for about 5 minutes and try logging in again.
  • Custom application permissions on the IdP side (Google Workspace) have not been granted.
    Please check whether the access rights for the created app are assigned to the relevant user or organization.
  • There is an error in the information you entered.
    Please check that the settings for both ovice and Google Workspace are correct.
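
A diagnostic for the last item, as an added example that is not part of the original article or ovice's own code: it checks a base64-decoded SAML response (for instance one copied from the browser's network tab) against the Name ID, attribute mapping, ACS URL and Entity ID settings above. The sample response and the sp.example.invalid URLs are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
REQUIRED_ATTRS = (CLAIMS + "givenname", CLAIMS + "emailaddress")

def check_response(xml_text, acs_url, sp_entity_id):
    """List mismatches between a decoded SAML response and the settings above.
    Diagnostic only: no signature verification, never use it to accept a login."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != acs_url:
        problems.append("Destination does not match the ACS URL")
    audience = root.find(".//saml:Audience", NS)
    if audience is None or (audience.text or "").strip() != sp_entity_id:
        problems.append("Audience does not match the Entity ID")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID format is not EMAIL")
    elif "@" not in (name_id.text or ""):
        problems.append("NameID is not an email address")
    present = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        present[attr.get("Name")] = (value.text or "").strip() if value is not None else ""
    for name in REQUIRED_ATTRS:
        if not present.get(name):
            problems.append("missing attribute " + name)
    return problems

# Constructed sample (not from a real tenant); the emailaddress mapping is left out on purpose.
ACS = "https://sp.example.invalid/acs"          # placeholder for the ovice "Reply URL"
ENTITY = "https://sp.example.invalid/metadata"  # placeholder for the ovice "identifier"
SAMPLE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" Destination="{ACS}">
<saml:Assertion>
<saml:Subject><saml:NameID Format="{EMAIL_FORMAT}">taro@example.invalid</saml:NameID></saml:Subject>
<saml:Conditions><saml:AudienceRestriction><saml:Audience>{ENTITY}</saml:Audience></saml:AudienceRestriction></saml:Conditions>
<saml:AttributeStatement>
<saml:Attribute Name="{CLAIMS}givenname"><saml:AttributeValue>Taro</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    for problem in check_response(SAMPLE, ACS, ENTITY):
        print(problem)
```
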

 

Setting up SAML Authentication for hierarchical Buildings

Please follow the steps below to create a Google Workspace app and configure ovice for each space in your building. With this setting, users can complete SAML authentication in one space and move freely between spaces without having to re-authenticate.

1. Advance preparation

2. Google Workspace settings

*There is no need to quote access restrictions from other floors on the ovice settings screen.
