Single Sign On: Google Workplace

Officebooking supports Single Sign On (SSO) logins through SAML 2.0 when you’re on the Business Plus, Enterprise edition or subscribed to SSO in combination with any other subscription. SSO lets users log in to all their enterprise cloud applications using their managed Google account credentials, follow the steps below.

 

Step 1: Access to OfficeAdmin and Google Admin environment

This guide assumes someone in your organization (or Officebooking Support) has already created an Admin account for you. This account will give you access to the OfficeAdmin portal.

Next, you’ll need administrative access to your company Google Admin environment. Once you’ve gained access to both environments you can start implementing the integration.

 

Step 2: Set identifier in the OfficeAdmin

  1. Login to the OfficeAdmin portal and go to the ‘Settings’ page in your menu. Open the tab ‘Integrations’.
  2. Here you choose the ‘Single Sign On’ option.
  3. First select ‘Google’.
  4. Enter an SSO id that resembles your company name. The name ‘Wilderman’ in the screenshot below is an example.
  5. The SSO id is included in the SSO metadata URL which will be created later in the process. 
  6. Leave the OfficeAdmin tab open and go to the next step.

 

Step 3: Set up your own custom SAML app

  1. Log in to your Google Admin console. Log in using an account with super administrator privileges (this should not end with @gmail.com).
  2. From the Admin console Home page, go to ‘Apps’ > ‘Web and mobile apps’.
  3. Click ‘Add App’ > ‘Add custom SAML app’.
  4. On the App details page, enter the name of the custom app, for example Officebooking SSO.
  5. (Optional) Upload an app icon. The app icon appears on the Web and mobile apps list, on the app settings page, and in the app launcher. If you don’t upload an icon, an icon is created using the first two letters of the app name.
  6. Select ‘Continue’.
  7. On the Google Identity Provider details page, save the ‘SSO URL’ and ‘Entity ID’ and download the ‘Certificate’. Also download the metadata document. This is necessary for later configuration in the OfficeAdmin portal.




  8. Select ‘Continue’.
  9. In the ‘Service Provider Details’ window, enter the ‘ACS URL’. Copy the url below and replace the SSO id with the id you’ve created in step 2.

    ACS URL: https://login.officebooking.net/sso/access/[your own created SSO id]/consume

  10. Next enter the Entity ID: 

    Entity ID: https://login.officebooking.net/sso/access/[your own created SSO id]/metadata



  11. The Name ID is the primary identifier for your users. Set the Name ID format to EMAIL. Select as default Name ID’  ‘Basic Information>Primary Email’. 
  12. Select ‘Continue’.

 

Step 4: Attribute mapping

Attribute Mapping feature allows you to map the user attributes sent by the IDP during SSO to the user attributes at Officebooking. 

  1. Select ‘ADD MAPPING’ to add the mandatory attributes.
  2. Select  ‘Basic Information > First name’.
  3. Enter ‘givenname’ as attribute
  4. Select ‘Basic Information > Last name’
  5. Enter ‘surname’ as attribute
  6. Select ‘Basic Information > Primary email’ 
  7. Enter ‘Name ID’
  8. Select ‘Finish’.

 

Step 5: Turn on your SAML app and enable user access

  1. Go back to the Admin console Home page.
  2. Go to ‘Apps’ > ‘Web and mobile apps’.
  3. Select your previously created Officebooking SAML app.
  4. Select ‘User access’.

To turn on or off a service for everyone in your organization, select ‘On for everyone’ or ‘Off for everyone’, and then select ‘Save’.

To turn on a service for a set of users across or within organizational units, select an access group. For details, go to turn on a service for a group.

Ensure that the email addresses your users use to sign in to the SAML app match the email addresses they use to sign in to your Google domain.
Changes typically take effect in minutes, but can take up to 24 hours. For details, go to How changes propagate to Google services.  

 

Step 6: Enter metadata URL in the OfficeAdmin

  1. Go back to your previously opened browser tab of the OfficeAdmin. You should still be in the ‘Integration’ tab, where you left off in step 2.
  2. Open the metadata.xml document you downloaded in step 3.
  3. Enter the metadata information to the OfficeAdmin like instructed below.
  4. Then select ‘Save’

    SSO id: enter your previously chosen sso id (step 2). This should resemble your company name.
    SSO metadata url: enter the url you’ve saved in step 2. You can also get this from the metadata document, the information after ‘Location’.
    IDP Entity ID: enter the id you’ve saved in step 2. You can also get this from the metadata document, the information after ‘EntityID’.
    IDP Certificate: enter the code you’ve saved in step 2. You can also get this from the metadata document, the code in between the ‘Certificate’ tag.
    Name identifier format: enter the identifier from the metadata document, the information after the tag ‘md:NameIDFormat’.

 

Step 5: Start testing

  1. Make sure you add yourself or some users to the user group entitled to use the Officebooking app (step 5).
  2. To test the SSO integration, open the mobile app or web app.
  3. you log in by selecting the button ‘Login with SSO’. You’ll need to enter the three letter Company code that you/is created for your company. You can find this in the OfficeAdmin on the Settings page (Settings > General > Tag prefix). The company code could for example be WIL for Wilderman.
  4. You’ll be redirected to your Google login page. Enter a valid user name and password. You’ll be validated by Google and successfully logged in at Officebooking via SSO. 

Once a user logs in via SSO, the Officebooking system will automatically save the user and its account settings. This user account can now also be edited by an Admin via the OfficeAdmin.