Skip to content
  • There are no suggestions because the search field is empty.

Single Sign On (SSO) set up for Google Workspace

The following article provides step-by-step instructions on how to set up Google Workspace as an SSO provider with your organization's Nitro Account.

Steps to set up Google Workspace as a SAML identity provider (IdP):

Step 1: Set up Google as a SAML identity provider (IdP):
  1. Sign-in to your Google Admin console using an account with super administrator privileges.
  2. From the Admin console Home page, go to Apps:
 
User-added image


 
  1. Then Select Web and mobile apps:
 
User-added image


 
  1. Click Add App > Add custom SAML app:
 
User-added image


 
  1. On the App Details page:
    1. Enter the name of the custom app - e.g. NitroPDF or NitroSign
    2. (Optional) Upload an app icon. The app icon appears on the Web and mobile apps list, on the app settings page, and in the app launcher. If you do not upload an icon, an icon is created using the first two letters of the app name:
 
User-added image


 
  1. Click Continue.
  2. On the Google Identity Provider details page, copy the SSO URL and Entity ID and download the Certificate:
 
User-added image


 
  1. In a separate browser tab or window, sign-in to Nitro Admin Portal https://admin.gonitro.com and follow the instructions listed here: https://www.gonitro.com/user-guide/admin/article/single-sign-on-overview, then return to the Admin console.
  2. Click Continue.
  3. In the Service Provider Details window,
    1. ACS URL: Copy and Paste the ACS URL, from Nitro Admin Portal. It should have the following pattern:  https://gonitro-prod.eu.auth0.com/login/callback?connection=<environment> or https://auth.gonitro.com/login/callback?connection=<environment>
    2. Entity ID: Copy and Paste the Entity ID, from Nitro Admin Portal. It should have the following pattern: urn:auth0:gonitro-prod:<environment>
    3. Start URL: Type the URL: https://sso.gonitro.com/login
  4. Leave the Name ID section to default values i.e. NAME ID Format: ENTITY and Name ID: Basic Information > Primary email
  5. Click Continue.
  6. On the Attribute mapping page, click Add another mapping to map additional attributes.
  7. Under Google Directory attributes, click the Select field menu choose a field name.
  8. Under App attributes, map the attributes as below:
 
Google directory attribute
NitroPDF attribute
Basic Information > Primary Email
email
Basic Information > First Name
name
Basic Information > First Name
given_name
Basic Information > Last Name
family_name
 
  1. Click Finish.

Step 2: Turn on your SAML app:
  1. Sign-in to your Google Admin console using an account with super administrator privileges.
  2.  From the Admin console Home page, go to Apps > Web and Mobile apps
  3. Select the NitroPDF app.
  4. Click User access.
  5. To turn on or off a service for everyone in your organization, click On for everyone or Off for everyone, and then click Save.
  6. (Optional) To turn a service on or off for an organizational unit:
  7. At the left, select the organizational unit.
  8. Select On or Off.
  9. Click Override to keep your setting if the service for the parent organizational unit is changed.
  10. If Overridden is already set for the organizational unit, choose an option:
  • Inherit?Reverts to the same setting as its parent.
  • Save?Saves your new setting (even if the parent setting changes).
  1. To turn on a service for a set of users across or within organizational units, select an access group. For details, go to turn on a service for a group.
  2. Ensure that the email addresses your users use to sign-in to the Nitro match the email addresses they use to sign-in to your Google domain.
Changes typically take effect in minutes but can take up to 24 hours. For details, go to How changes propagate to Google services.

Step-3: Verify that SSO is working with your custom app:

You can test both Identity Provider (IdP) initiated SSO, and (if your app supports it) Service Provider (SP) initiated SSO.
IdP-initiated:
  1. Sign-in to your Google Admin console using an account with super administrator privileges.
  2.  From the Admin console Home page, go to Apps > Web and Mobile apps
  3. Select the NitroPDF app.
  4. At the top left, click Test SAML login.
  5. Nitro Sign Portal Login should open in a separate tab. If it does not, use the information in the resulting SAML error messages to update your IdP and SP settings as needed, then retest SAML login.
SP-initiated:
  1. Open the URL https://cloud.gonitro.com/
  2. Type in your Username, you should be automatically redirected to the Google sign-in page.
  3. Enter your username and password.
  4. After your sign-in credentials are authenticated, you will be automatically redirected back to Nitro Cloud Home page.


By following the steps above, users can successfully set up Google Workspace as their IdP and enable Single Sign On with Nitro.

For additional support or to report issues: