Using Google Workspace (G Suite) as your identity provider


To connect BigAnimal to Google Workspace's identity provider, you must have:

Set up BigAnimal with Google Workspace's identity provider

Open the link in the email sent from to access the Set Up Identity Provider page in BigAnimal.

  1. In a separate browser tab or window, log into the Google Workspace Admin console.

  2. Select Applications, and then select Web and mobile apps:

  3. Select Add App, and then select Add custom SAML app.

  4. On the App Details page, enter a name for your application.

  5. Select Continue.

  6. On the Google Identity Provider details page, note the Single Sign-On URL (SSO) URL and Entity ID and download the (signature) certificate (or SHA-256 fingerprint). You will need this information and the file while configuring BigAnimal later in this procedure.

  7. Select Continue.

  8. The Service Provider Details page opens.

  9. Switch to the BigAnimal browser tab.

    1. Copy and paste the following information from the Connection Info tab on the Set Up Identity Provider page to the Service Provider Details tab in Google:

      Copy from BigAnimalPaste in Google
      Audience URIEntity ID
      Assertion Consumer Service URLACS URL

      The ACS URL has to start with https://.

  10. Switch to the Google Admin console tab.

  11. Check the Signed Response box so that the entire SAML authentication response is signed.

  12. From the Name ID format menu, select EMAIL. From the Name ID menu, select Primary email.

  13. Select Continue.

  14. On the Attribute mapping page, select Add another mapping to map additional attributes.

  15. Under Google Directory attributes, use the Select field menu to choose the following field names and enter the corresponding App attributes.

    Google Directory AttributesApp attributesNote
    Primary email<assertion_path>/emailaddressRequired claim
    First Name<assertion_path>/givennameAdditional claim
    Last Name<assertion_path>/surnameAdditional claim

    Where <assertion_path> is

  1. Click Finish.

  2. By default, SAML Apps are turned off for everyone.

  3. Select your SAML app and select User access to assign people or groups to the newly created application. If you need to sign into BigAnimal, be sure to assign yourself.

  4. Switch to the BigAnimal browser tab. On the Setup Config tab on the Set Up Identity Provider page:

    1. Paste the Identity Provider Single Sign-on URL you copied from Google into the Single Sign-On URL field.
    2. For Identity Provider Signature Certificate, upload the (signature) certificate downloaded from Google.
    3. Select the appropriate method for Request Binding. BigAnimal supports HTTP-POST, HTTP-Redirect, and Hybrid.
    4. Select the appropriate value for Response Signature Algorithm. BigAnimal supports rsa-sha256 and rsa-sha1.
    5. Select Test Connection. If the connection is successful, select Sign in to BigAnimal to complete the setup process in the BigAnimal portal.