Google GSuite SAML Setup

Create a new SAML configuration in Kasm

  1. Log into the Kasm UI as an administrator.

  2. Select Authentication -> SAML -> Create New Configuration

  3. The SAML 2.0 Configuration page will auto-generate the Entity ID, Single Sign On Service, Single Logout Server, and Relay State values.

  4. Check Enable and enter a Display Name. e.g (Gsuite)

  5. Update the following Settings



NameID Attribute


Want Attribute Statement


Want Message Signed


Want Name ID


Signature Algorithm


Digest Algorithm


  1. Leave this page open and continue to the next steps.

Add a new application in GSuite

  1. Open the Google Admin Admin Console and Select Apps.


Google Portal

  1. Select SAML apps.



  1. Click the Plus button to add a new SAML App


Add Applications

  1. Click Setup My Own Custom App


Setup Custom App

  1. Copy the Google IdP entries to the Identity Provider section of the Kasm SAML Configurations started in the previous section.

Kasm Property Name

GSuite Property Name

Entity ID

Entity ID

Single Sign On Service



Google IdP Information

  1. Click Download to download the Certificate from the Google IdP Information form. Open the certificate file in a text editor. Copy the contents and paste into the x509 Certificate in the Identity Provider provider section of the Kasm SAML Configuration


Identity Provider Configuration

  1. Click Next in the Google IdP Information window to be taken to the Basic Information for your Custom App section. Enter an Application Name (e.g Kasm) and click Next


Basic Information

  1. Copy the Kasm SAML configurations from the Service Provider section into the Service Provider Details section.

Kasm Property Name

GSuite Property Name

Entity ID

Entity ID

Single Sign On Service


https://<server-url>/#/staticlogin e.g https://kasm.server/#/staticlogin

Start URL

  1. Ensure the following settings are configured in the GSuite Service Provider Details . Select Next



Signed Response


Name ID

Basic Information / Primary Email

Name ID Format



Service Provider Details

  1. No additional configurations are needed on the Attribute Mapping page . Select Finish

  2. Review the final Kasm SAML Configuration form. Click Sumbit to save.


Enabling Access for Users

Once the Kasm SAML app is configured in GSuite, access must be grated to Google users.

  1. From the Google Admin Admin Console Select Apps -> SAML Apps -> Kasm

  2. Select Edit Service


Edit Service

  1. Select All users in this account or the desired Organizational Units Groups, Select ON for everyone and click Save


Giving App Access


At this time GSuite does not allow group membership to be passed in SAML assertions. Therefore, automatic mapping of Google groups to Kasm groups is not supported.

Testing Access

  1. Log out of the Kasm UI if already logged in.

  2. Navigate to the Kasm UI login page.


Kasm Login

  1. Click Gsuite to initiate the SAML SSO process.


Google Login

  1. After logging in, you should be redirected to the Kasm UI Dashboard

  2. From another browser, login to Google. Click the Google Apps icon in the top right corner. Scroll down and click Kasm. You should be logged into the Kasm UI Dashboard.
