Skip to main content

Google SAML

Learn how to set up single sign-on with Google app.

Ilya Krukowski avatar
Written by Ilya Krukowski
Updated over a week ago

This feature is available only on the Enterprise plan and can be purchased as an add-on on the Pro plan.

In this article you'll learn how to set up single sign-on with Lokalise and Google.

Here's a short video that can help you get started:

Configuration on Lokalise

To get started, log into Lokalise, click on the avatar in the bottom left corner and choose Team settings:

Accessing Team settings

Then, proceed to the Advanced security tab and tick the Enable SSO field:

Enabling SSO

  • Team's domain: Enter your full Google domain (e.g., example.com).

  • SAML 2.0 Endpoint (HTTP): Paste the SSO URL from your Google SAML app configuration. Example: https://accounts.google.com/o/saml2/idp?idpid=123abc. (See the next section for details.)

  • Identity Provider Issuer: Use the Entity ID from the Google SAML setup page.
    Example: https://accounts.google.com/o/saml2?idpid=123abc

  • Public Certificate: Copy the value from the Certificate field in your Google SAML app setup. It must begin with -----BEGIN CERTIFICATE----- and end with -----END CERTIFICATE-----.

  • Sign AuthnRequest: Not typically required. If needed, enable this setting in Lokalise, then copy the Service provider Public Certificate from Lokalise into a .crt file and import it into the required service.

Reconfiguring same SSO domain for another team

If you need to reconfigure the same SSO domain for another Lokalise team, please follow these steps:

  1. Empty all fields within Single sign-on (SSO) section of the Advanced security tab.

  2. Uncheck Enable SSO setting.

  3. Click on Save.

  4. Proceed with configuring SSO for the other Lokalise team.


Configuration on Google

After updating your SAML app settings in Google Workspace, allow a few minutes for changes to propagate before testing SSO login with Lokalise.

Step 1: Create the SAML app

  1. Go to admin.google.com.

  2. Navigate to Apps > Web and mobile apps > Add app > Add custom SAML app.

  3. Enter a name for your app. Optionally, upload an icon.

  4. Youโ€™ll now see the SSO configuration screen.

Copy the following values from the Google SAML app to Lokalise:

  • SSO URL โ†’ Paste into the SAML 2.0 Endpoint (HTTP) field.

  • Entity ID โ†’ Paste into the Identity Provider Issuer field.

  • Certificate โ†’ Paste into the Public Certificate field.

Step 2: Service provider details

Switch to the Service provider details tab and fill in:

  • ACS URL: Copy the ACS URL Preview from your Lokalise SSO settings.

  • Entity ID: Enter https://lokalise.com

  • Name ID format: Select Email. The identifier must be unique, stable, and pseudo-random (e.g., employee ID or primary email).

Step 3: Attribute mapping

Click Add mapping and add the following fields:

Google directory attribute

App attribute

Basic information > First name

first_name

Basic information > Last name

last_name

Basic information > Primary email

User.Email

Step 4: Finish setup

Click Finish to complete the app creation.


Logging in with SSO

Once everything is set up, proceed to https://app.lokalise.com/sso and enter user email associated with the Google domain. Upon the first log in, you'll be asked to confirm your email:

View confirmation email

Did this answer your question?