Google GSuite SAML Setup
Create a new SAML configuration in Kasm
Log into the Kasm UI as an administrator.
Select Authentication -> SAML -> Create New Configuration
The SAML 2.0 Configuration page will auto-generate the Entity ID, Single Sign On Service, Single Logout Server, and Relay State values.
Check Enable and enter a Display Name. e.g (Gsuite)
Update the following Settings
Setting |
Value |
NameID Attribute |
emailAddress |
Want Attribute Statement |
Unchecked |
Want Message Signed |
Checked |
Want Name ID |
Checked |
Signature Algorithm |
rsa-sha256 |
Digest Algorithm |
sha256 |
Leave this page open and continue to the next steps.
Add a new application in GSuite
Open the Google Admin Admin Console and Select Apps.
Google Portal
Select SAML apps.
SAML Apps
Click the Plus button to add a new SAML App
Add Applications
Click Setup My Own Custom App
Setup Custom App
Copy the Google IdP entries to the Identity Provider section of the Kasm SAML Configurations started in the previous section.
Kasm Property Name |
GSuite Property Name |
Entity ID |
Entity ID |
Single Sign On Service |
SSO URL |
Google IdP Information
Click Download to download the Certificate from the Google IdP Information form. Open the certificate file in a text editor. Copy the contents and paste into the x509 Certificate in the Identity Provider provider section of the Kasm SAML Configuration
Identity Provider Configuration
Click Next in the Google IdP Information window to be taken to the Basic Information for your Custom App section. Enter an Application Name (e.g Kasm) and click Next
Basic Information
Copy the Kasm SAML configurations from the Service Provider section into the Service Provider Details section.
Kasm Property Name |
GSuite Property Name |
Entity ID |
Entity ID |
Single Sign On Service |
ACS URL |
https://<server-url>/#/staticlogin
e.g |
Start URL |
Ensure the following settings are configured in the GSuite Service Provider Details . Select Next
Setting |
Value |
Signed Response |
Checked |
Name ID |
Basic Information / Primary Email |
Name ID Format |
Service Provider Details
No additional configurations are needed on the Attribute Mapping page . Select Finish
Review the final Kasm SAML Configuration form. Click Sumbit to save.
Enabling Access for Users
Once the Kasm SAML app is configured in GSuite, access must be grated to Google users.
From the Google Admin Admin Console Select Apps -> SAML Apps -> Kasm
Select Edit Service
Edit Service
Select All users in this account or the desired Organizational Units Groups, Select ON for everyone and click Save
Giving App Access
Mapping Users
At this time GSuite does not allow group membership to be passed in SAML assertions. However Kasm Workspaces has an option that allows automatically mapping every user that authenticates against a SAML IDP to a Kasm group.
Log into the Kasm UI as an administrator.
Select Groups then click Create New Group.
Enter a Name and Priority.
Save the new group by clicking Submit.
On the groups screen, using the three dot menu select View on the group that was just created.
Scroll to the bottom of the screen and select Add SSO Mapping.
Select the SAML IDP that was created above e.g. “SAML - Gsuite” for the SSO Provider.
Check the Assign All Users check box.
Click Add.
Login via SAML, notice the users is automatically placed in the Kasm group.
Testing Access
Log out of the Kasm UI if already logged in.
Navigate to the Kasm UI login page.
Kasm Login
Click Gsuite to initiate the SAML SSO process.
Google Login
After logging in, you should be redirected to the Kasm UI Dashboard
From another browser, login to Google. Click the Google Apps icon in the top right corner. Scroll down and click Kasm. You should be logged into the Kasm UI Dashboard.
