All Collections
Google SAML SSO configuration
Google SAML SSO configuration

Better manage team access with Single Sign-On (SSO) and SCIM Provisioning functionality through Google.

Natalie Pabón avatar
Written by Natalie Pabón
Updated over a week ago

Customers can opt to use the simple Sign in with Google button (which requires no configuration in Rewatch), or a SAML integration.

SAML (Security Assertion Markup Language), an SSO standard, permits Google to safely pass authorization credentials to service providers like Rewatch. It enables centralized management with deeper administrative control than the simple Sign in with Google integration.

Google setup

These are instructions for setting up Rewatch SAML SSO with Google.

Setup the Rewatch app in Google

In the Google admin portal, select Apps -> Web and Mobile Apps from the left-side nav:

SAML apps

Next, select the Add App dropdown, and click Add custom SAML app:

New application

Type Rewatch as the name of the application and click Continue.

Copy the SSO URL and Certificate. Save these for later, you will need these to configure Rewatch. Note that you must use the copy buttons (two interlocking rectangles). If you select the text to copy manually, the data will truncated or contain extra characters (this applies to both the SSO URL and Certificate). Afterwards, click Continue.

Service provider details

Fill in the following information and click Continue:

  • ACS URL:

  • Entity ID:

  • Check Signed response Name ID format: EMAIL

  • Name ID: Basic Information > Primary email

Field mappings

Add the following field mappings and click Finish:

  • First name: first_name

  • Last name: last_name

  • Primary email: email

Please note that Google may show an error page after clicking Finish. If you wait 5-10 minutes and return to the web and mobile apps list, the app should be setup correctly. If the problem persists, please contact Google.

Rewatch setup

In Rewatch's admin console, click on the Single sign-on & provisioning link in the sidebar. Then click the button to configure SAML.

Next, fill out the configuration form to enable SAML:

  • Target URL: use Google's SSO URL

  • Certificate: use Google's provided certificate

  • Managed email domains: enter email domains that will redirect to Okta for sign in

Once enabled, you'll see a preview link that you can use for testing.


If you'd like to enforce SAML for sign in, you'll need to first sign in using SAML, then edit your SAML configuration to select your preferred enforcement policy.


We currently do not have a SCIM integration with Google, as they are no longer accepting new applications for their SAML/SCIM marketplace. Google also hasn't provided a method to configure generic SCIM apps.

Did this answer your question?