All Collections
Start using
Authentication and SSO
Google Workspace SSO Configuration Guide
Google Workspace SSO Configuration Guide

Start using Google to login securely into

Updated over a week ago


The team will provide you the following values during the setup:


  • Entity ID

In order to complete the configuration, you will need to provide the following information (or the Metadata file provided by Google, see below):

  • Identity Provider Single Sing-On URL

  • X.509 Certificate

Configuration Steps

To begin, from within the Admin Console, go to Apps > Web and mobile apps.

  1. Click Add app > Add custom SAML app

  2. In Step 2, download the Metadata file and share it with your Lang account manager

  3. In Step 3, configure the service provide details:

    1. ACS URL: Use the value provided by

    2. Entity ID: Use the value provided by

    3. For Name ID format, select "EMAIL"

    4. For Name ID, select "Basic Information > Primary email"

  4. In Step 4, click on Add Mapping and select:

    1. Set "Google Directory attributes" to Primary email

    2. Set "App attributes" to emailaddress

  5. Click Finish

  6. In your Google Workspace admin, make sure to give access to this app to the relevant users

Once the connection is configured, your account manager will contact you to configure the first admin user for your team. By default, all SSO users are created with the "member" role.

Testing your connection

Once you configured the connection successfully, follow these steps to test the connection:

  1. Navigate to your tenant URL: US, EU, or your custom single-tenant URL.

  2. Write your email in the log in screen

  3. You will be redirected to log in with Google

  4. The browser will be redirected back to the application and be automatically logged in. If it it's the first time the user logs in, then the user it will be created in with the "member" role.


Here is a list of the frequently asked question regarding our SSO integration:



My organization uses an identity service provider (IdP) that's not in the list above. Will it be supported?

If your IDP provides a SAML metadata URL for dynamic configuration, you can follow the same setup steps as above. Please contact support for SAML configuration assistance for other IDPs.

How does Lang SAML SSO handle user provisioning?

Lang supports Just-in-Time (JIT) provisioning โ€” the user is created the first time it completes the first login into Lang. The default role for these users is the "member" role. We don't currently support user provisioning with SCIM.

Does Lang SAML SSO support Single Logout?

Not at this time. If Single Logout is important to you, please contact our support team to let us know. Take into account that users are logged out after 30 minutes of inactivity. We also have an absolute logout for users every 12 hours.

What version of SAML does Lang support?

We currently support SAML v2.0.

Did this answer your question?