Go to Lokalise
All Collections
Manage teams, users, and groups
Single sign-on
Google SAML

Google SAML

Learn how to set up single sign-on with Google app.
Ilya avatar
Written by Ilya. Updated over a week ago

This feature is available only on the Enterprise subscription plan.

In this article you'll learn how to set up single sign-on with Lokalise and Google.

Here's a short video that can help you get started:

Index

Configuration on Lokalise

To get started, log into Lokalise, click on the avatar in the bottom left corner and choose Team settings:

Then, proceed to the Advanced security tab and tick the Enable SSO field:

  • Team's domain — enter your Google domain.

  • SAML 2.0 Endpoint (HTTP) — enter SSO URL from the Google SAML app creation page for example https://accounts.google.com/o/saml2/idp?idpid=123abc. Check the next section to learn more.

  • Identity Provider Issuer — enter the Entity ID value from the Google SAML app’s creation page, for example https://accounts.google.com/o/saml2?idpid=123abc.

  • Public Certificate — copy this value from the Certificate field when creating a new SAML app on Google. Must begin with -----BEGIN CERTIFICATE----- and end with -----END CERTIFICATE-----.

  • Sign AuthnRequest is not usually required. If you do need this feature, then tick the corresponding field and copy certificate from Service provider Public Certificate field on Lokalise, and then save it to an .crt file. Then you can import this file to a necessary service.

If you need to reconfigure the same SSO domain for another Lokalise team, please follow these steps:

  1. Empty all fields within Single sign-on (SSO) section of the Advanced security tab.

  2. Uncheck Enable SSO setting.

  3. Click on Save.

  4. Proceed with configuring SSO for the other Lokalise team.

Configuration on Google

Proceed to admin.google.com, click Add app > Add custom SAML app.

  • Enter you app name.

  • Optionally, upload your app's icon.

  • You'll be presented with the SSO configuration:

    • SSO URL — paste this value into the SAML 2.0 Endpoint (HTTP) field on Lokalise.

    • Entity ID — paste this value into the Identity Provider Issuer field on Lokalise.

    • Certificate — paste this value into the Public Certificate field on Lokalise.

  • Next, proceed to the Service provider details tab. Fill in the following fields:

    • ACS URL — copy the ACS URL Preview value from Lokalise.

    • Entity ID — enter https://lokalise.com

    • Name ID format — choose email. Must be unique, pseudo-random, and will not change for the user over time — like an employee ID number.

  • Next, set up Attribute mapping. Click Add mapping and add the following:

    • Basic information > First name and enter first_name as the app attribute.

    • Basic information > Last name and enter last_name as the app attribute.

    • Basic information > Primary email and enter User.Email as the app attribute.

  • Click Finish to complete the app creation.

Logging in with SSO

Once everything is set up, proceed to https://app.lokalise.com/sso and enter user email associated with the Google domain. Upon the first log in, you'll be asked to confirm your email:

Did this answer your question?