Before continuing, we recommend that you first read the SAML Single Sign-On (SSO) overview.
This article provides instructions for setting up Google Workspace (formerly called G Suite and Google Apps for Work) as your SAML Identity Provider (IdP). This allows your team to sign in to Pendo without a new email or password. Instead, internal users can sign in using their Google account.
For more guidance, see Google's Workspace Admin Help documentation: Set up you own custom SAML application.
Prerequisites
- SAML SSO Access included in your current Pendo Contract.
- An admin account in Google Workspace.
- A SAML admin who’s able to manage IdP metadata, provide SAML metadata, and make access decisions for the subscription.
Step 1. Set up the Pendo application in Google Workspace
Sign in to your Google admin console from http://admin.google.com. Then, in your Google Developer admin page:
- Open Apps > Web and mobile apps from the left-side menu.
- Open the Add app dropdown and select Add custom SAML app.
- On the App Details page:
- Enter “Pendo” as the name of the custom app.
- Upload the Pendo chevron as the app icon (optional). Drag the icon at the end of this article to your desktop so that you can upload it.
- Select Continue. This opens the Google Identity Provider details page in the Add custom SAML app workflow.
Step 2. Send the IdP metadata file to Pendo
In the Google Identity Provider details page of the Add custom SAML app workflow, select Download Metadata. This downloads an XML metadata file that you must then send to Pendo technical support. Technical support responds with URLs that are unique to your account. These are used in Step 3.
Step 3. Add values to the Pendo app in Google Workspace
After you receive a response from Pendo technical support, continue with the Add custom SAML app workflow.
- Select Continue to open the Service provider details page of the workflow.
- Enter the following information
-
ACS URL, which should look something like the following:
https://sso.connect.pingidentity.com/ssp/sp/ACS.saml?saasid=XXX
, whereXXX
is thesaasid
provided by Pendo technical support. - Entity ID, which should be PingConnect.
-
ACS URL, which should look something like the following:
- Select EMAIL as the Name ID format, and Primary Email as the Name ID.
- Select Continue. This opens the Attribute mapping page in the Add custom SAML app workflow, which you can skip.
- Select Finish.
Step 4. Turn the Pendo SAML app on
From your Google Developer admin page:
- Open Apps > Web and mobile apps from the left-side menu.
- Select the Pendo app that you created.
- Open User access.
- Select ON for everyone or On for some, depending on your setup.
- Select Save.
Notify Pendo technical support to let us know that you’re ready to turn on SAML login.
The Pendo chevron
Below is the pink Pendo chevron to add as your app icon in Step 1. The icon appears on the Web and mobile apps list, the app settings page, and the app launcher. If you don't upload an image for the icon, the icon is created using the first two letters of the app name in Google Workspace.