In Favro, navigate to Administration > Authentication methods > Single Sign-On settings > Configure.

​

Input the domain you want to use for SAML authentication and click on Add domain to continue.

​

Follow the on-screen instructions in Favro to complete the domain verification process.
​

In Google Workspace, navigate to Apps > Web and mobile apps > Add app > Add custom SAML app.

​

Define the app name and proceed to the second step.
​

While on the Step 2, copy:
• SSO URL from Google Workspace and paste it to SAML login url in field Favro.
• Certificate from Google Workspace and past it to SAML identity provider certificate field in Favro.
• The Entity ID field will not be used.
​

and Continue.
​
​

On the next screen, fill in:
• ACS URL: https://favro.com/saml/assert
• Entity ID: https://favro.com/saml/metadata.xml
​
Make sure Name ID settings are configured as follows:
• Name ID format is set to EMAIL.
• Name ID is set to Basic information > Primary email
​

​

Finish the setup.
​

​

Make sure the SAML integration app you just created is enabled for the correct users and groups. In the example below, we have enabled the integration for all users.

​

​

Save the changes and test the SAML integration.

In Google Workspace navigate to Directory > Users > More Options > Manage custom attributes.
​

Next, click ADD CUSTOM ATTRIBUTE.
​

Populate the fields:
- Category: Favro
- Name: favroRole
- Info type: Text
- Visibility: Visible to user and admin
- Number of values: Single value
​
and click ADD.
​

Navigate to Apps > Web and mobile apps > Favro SAML app we have created earlier > SAML attribute mapping and add the following mapping: Favro > favroRole -> favroRole.

​SAVE the changes.
​

To assign role to users, we can now edit user's profile directly in the Google Workspace. Navigate to Directory > Users > Open the user you wish to edit > Expand the User information section > edit the favroRole value.
​

The user will be assigned their new role in Favro on the next login.