Setting up Google Workspace Settings

This section describes how to use Google Workspace SAML 2.0 authentication to log in to your ovice account. If you want to set up SAML authentication for multiple spaces in a hierarchical structure (building), please refer to the following.
SAML authentication settings for a hierarchical structure (building)

 

Advance Preparation

1. Make sure you have the necessary permissions to set it up

  • Google Workspace administrator privileges
  • ovice admin privileges

2. Click the three dots in the space header and select the "Space" tab.
*If you are not the organization owner, there is no need to select a tab.


3. Go to "Space Settings" → "Space Access Settings" → "Member Whitelist Rules" and click "Email Account Authentication"

4. Select the "SSO" tab


5. Click the + button next to "SAML Authentication Setup"

6. Enter any name in the IdP name field.

This name will appear on the space URL login screen.


7. Enter the space URL (https://app.ovice.com/ws/◯◯/) in the IdP logout URL field

*The entity ID, IdP login URL, etc. will be entered later.


8. Select the redirect destination

Select the screen each user will be redirected to when they log in.

  • space: Redirect into the space
  • lobby: Redirect to the lobby screen (space list)

 

Leave the ovice settings screen open as it is; do not close it.

 

Google Workspace settings

1. Access the Google Admin Console

2. "Apps" → "Web and Mobile Apps" → "Add App" → "Add Custom SAML App"

3. Enter any name in "App name" and click "Continue"

*Optionally, you can set the app icon and description.

6. Copy and paste the following items from Google into the ovice settings screen you prepared in advance and click "Save"

Google Workspace settings screen (copy source) → ovice settings screen (paste destination)
  • SSO URL → IdP Login URL
  • Entity ID → Entity ID
  • Certificate → IdP x509 cert


[Screenshot: the left side is Google Workspace and the right side is the ovice settings screen.]

7. Click "Continue"

8. Copy and paste the following items displayed on the ovice settings screen into the "Service Provider Details" of Google Workspace.

ovice settings screen (copy source) → Google Workspace settings screen (paste destination)
  • Identifier → Entity ID
  • Reply URL → ACS URL
  • Login URL → Start URL (optional)

 

[Screenshot: the left side is Google Workspace and the right side is the ovice settings screen.]

8. Set the Name ID as follows:

  • Name ID Format: EMAIL
  • Name ID: Basic information > Primary email

 

9. Click "Continue"

10. Click "Add Mapping"

Please set the following two items.

Basic Information → App Attributes
  • First name → http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
  • Primary email → http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

 

11. Click "Finish"

12. Reopen the app and click "User Access"


13. Select the users, groups, and organizations you want to add to the app, switch "Service Status" to On, and click "Save."
 

 

[Optional] Add SAML authentication to permission settings

By combining the public settings and Space Access Settings of ovice, it is possible to allow only users who have authenticated with SAML to access the space.

1. Scroll down on the ovice SSO settings screen and check the SAML authentication settings you created under "Activate SSO authentication"

2. Click "Save"

 

Log in using Google Workspace

Please refer to the following and try logging in.
Log in with the space's own SSO (SAML authentication, etc.)

 

If you fail to log in using Google Workspace

If you see the message "404. That's an error", please check the following:

  • The SAML settings may not have taken effect yet. Please wait about 5 minutes, then try logging in again.
  • Access to the custom app may not have been granted on the IdP side (Google Workspace).
    Please check whether the access rights for the created app have been assigned to the relevant users and organizations.
  • There may be an error in the information you entered. Please check that there are no errors in the information you have set for both ovice and Google Workspace.
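
To check the Name ID and attribute mapping settings from this guide against what Google Workspace actually sends, the following added example (not part of the ovice or Google documentation) decodes a SAMLResponse form value captured from the browser's developer tools and lists any mismatches. The function names, the sample response, and the URI assumed for the "EMAIL" Name ID format are assumptions of this example.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumption: Google's "EMAIL" Name ID format is sent as this SAML format URI.
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
REQUIRED_ATTRS = (CLAIMS + "givenname", CLAIMS + "emailaddress")  # the two mappings above

def check_saml_response(b64_response):
    """List mismatches with this guide. Diagnostic only: no signature check."""
    try:
        root = ET.fromstring(base64.b64decode(b64_response))
    except (ValueError, ET.ParseError) as exc:
        return [f"not a base64-encoded XML document: {exc}"]
    assertion = root.find(".//saml:Assertion", NS)
    if assertion is None:
        return ["no Assertion element (failed or encrypted response)"]
    problems = []
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID is missing or empty")
    else:
        if name_id.get("Format") != EMAIL_FORMAT:
            problems.append(f"NameID Format is {name_id.get('Format')!r}, expected EMAIL")
        if "@" not in name_id.text:
            problems.append("NameID is not an email address")
    values = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        val = attr.find("saml:AttributeValue", NS)
        values[attr.get("Name")] = (val.text or "").strip() if val is not None else ""
    for name in REQUIRED_ATTRS:
        if not values.get(name):
            problems.append(f"attribute {name} is missing or empty")
    return problems

def build_sample(name_id_format, attrs):
    """Constructed, unsigned sample response for trying the checker offline."""
    attr_xml = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}</saml:AttributeValue></saml:Attribute>'
        for n, v in attrs.items())
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion><saml:Subject>'
           f'<saml:NameID Format="{name_id_format}">taro@example.com</saml:NameID></saml:Subject>'
           f'<saml:AttributeStatement>{attr_xml}</saml:AttributeStatement>'
           '</saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    print(check_saml_response(build_sample(EMAIL_FORMAT, {CLAIMS + "givenname": "Taro"})))
```

A captured SAMLResponse can be used to log in until it expires, so inspect it locally rather than pasting it into an online decoder.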

 

Setting up SAML authentication for spaces in a hierarchical structure (building)

Follow the steps below to create a Google Workspace app and configure it for each space in the building. With this setting, once a user completes SAML authentication in one space, they can move freely between spaces without having to re-authenticate.

1. Advance Preparation

2. Setting up Google Workspace

*There is no need to reference access restrictions for other floors on the ovice settings screen.
