Skip to main content
Configure SSO for your Yasu workspace using Google Workspace as your identity provider.
Before starting, complete the generic SSO setup prerequisites and have the SAML configuration values from Yasu’s SSO page ready.
1

Create a custom SAML app

  1. Sign in to Google Admin Console
  2. Navigate to AppsWeb and Mobile Apps
  3. Click Add AppAdd custom SAML app
  4. Enter an app name (e.g., “Yasu”) and optionally upload a logo
  5. Click Continue
2

Download IdP metadata

On the Google Identity Provider details screen (step 2 of the wizard):
  1. Click Download Metadata to save the IdP metadata XML file
  2. Keep this file — you’ll need it when configuring Yasu
  3. Click Continue
Download the metadata now — you cannot retrieve it later without starting over.
3

Configure service provider details

  1. ACS URL → paste the ACS URL from Yasu’s SSO page
  2. Entity ID → paste the Entity ID from Yasu’s SSO page
  3. Name ID format → select EMAIL
  4. Name ID → select Basic Information > Primary email
  5. Click Continue
4

Configure attribute mapping

Set up attribute mapping as follows:
Google Directory attributeApp attribute
Basic Information > Primary emailemail
Basic Information > First namefirstName
Basic Information > Last namelastName
Optionally, add group membership:
  1. Click Add mapping under Group membership
  2. Select the groups to include
  3. Set the app attribute name to groups
Group membership mapping is required if you want to use role mapping to automatically assign Yasu roles based on Google Workspace groups.
Click Finish.
5

Enable the app

  1. On the app details page, go to User access
  2. Select the organizational units that should have access
  3. Set Service status to ON for everyone (or selected OUs)
  4. Click Save
6

Configure in Yasu

  1. In Yasu, go to IntegrationsSSO Configuration and click Configure SSO
  2. Select Google Workspace as the identity provider
  3. Enter your company domain
  4. Upload or paste the metadata XML you downloaded in Step 2
  5. Click Add Domain
Users in the enabled organizational units can now sign in to Yasu via SSO. New users will be automatically provisioned via JIT provisioning.

Attribute Mapping Reference

When configuring attribute mapping in Yasu for Google Workspace, use these values:
Yasu fieldGoogle attribute
Name attributename
Picture attributepicture
Groups/role attributegroups
These are auto-configured when you select Google Workspace as the identity provider during setup.