# Google Workspace

## Google Workspace Configuration

The first step regardless of installation method is to configure your SAML 2.0 identity provider using Google Workspace.

**(1) Login to Google Workspace**

Visit the Apps > Web and Mobile Apps screen.

![](https://3357255970-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fb7weUpu7VBcMnESSH8vG%2Fuploads%2FEA5pQohVpdN6gZQR0UWv%2FScreen%20Shot%202022-06-27%20at%2010.30.24%20AM.png?alt=media\&token=b4538c57-d391-45c8-81e2-fe33b2b7d465)

**(2) Select "Add App" and select "Add Custom SAML App".**

Enter an application name and description. You can also upload a Keeper Connection Manager logo. The image logo is here:

{% file src="<https://3357255970-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fb7weUpu7VBcMnESSH8vG%2Fuploads%2FHCyOTc8a3BnJMQcF1fEk%2Fkcm-logo-144-transparent.png?alt=media&token=a2e9bbab-e3dd-40ff-a14e-f79b90d3520a>" %}
KCM Logo
{% endfile %}

![](https://3357255970-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fb7weUpu7VBcMnESSH8vG%2Fuploads%2FHGCUhoUIRSWVyDy5e9rK%2FScreen%20Shot%202022-06-27%20at%2010.55.40%20AM.png?alt=media\&token=c0e2f010-f4e7-4d81-bb65-428cfff162e6)

Click Continue.

**(3) Download the metadata.xml file**

...and then click Continue

![Download Metadata](https://3357255970-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fb7weUpu7VBcMnESSH8vG%2Fuploads%2F0A4VBjBMyKAa1FxqQypf%2FScreen%20Shot%202022-06-27%20at%2010.57.03%20AM.png?alt=media\&token=fe253350-5f1c-46df-a35d-8aa9db667376)

**(4) Configure the SAML Settings**

Update 3 fields: ACS URL, Entity ID and Name ID format.

* The ACS URL needs to start with your Keeper Connection Manager domain followed by "`/api/ext/saml/callback`".
* The Entity ID is just the Keeper Connection Manager domain.
* The Name ID format must be EMAIL

Click Continue.

![](https://3357255970-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fb7weUpu7VBcMnESSH8vG%2Fuploads%2FeFGCtDw4yM1KmtZ3rQuY%2FScreen%20Shot%202022-06-27%20at%2011.00.23%20AM.png?alt=media\&token=6b157138-c864-4a0a-973f-eb2df1cb594f)

**(5) Assign group membership (Optional)**

You can now assign Group Membership to the Keeper Connection Manager application, which is optional. If you would like to assign a group, make sure that the "App Attribute" is **`groups`** (lowercase). Then click FINISH.

![Group membership](https://3357255970-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fb7weUpu7VBcMnESSH8vG%2Fuploads%2FfHdHy6LrLhPS3LwGksSe%2FScreen%20Shot%202022-06-27%20at%2011.05.42%20AM.png?alt=media\&token=a41121c8-de0d-46e7-8023-58cdcfb69368)

{% hint style="info" %}
Google Group to Keeper Connection Manager Group mapping is through the Group Name. If the Keeper Connection Manager contains a Group that has the name corresponding to the Google Group Name, the user will receive all Keeper connections assigned to that user group.
{% endhint %}

**(6)** **Enable Access**

After creating the SAML app, it is not yet active for all users. To enable access, click on View details and turn the application ON.

![Enable User Access](https://3357255970-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fb7weUpu7VBcMnESSH8vG%2Fuploads%2FBRUBaW3e48j6aLXP9XoZ%2FScreen%20Shot%202022-06-27%20at%2011.06.14%20AM.png?alt=media\&token=7aadb7b0-013a-429f-8201-d6085ee16fe4)

![Turn KCM On](https://3357255970-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fb7weUpu7VBcMnESSH8vG%2Fuploads%2FVijJULj8ggpFhrDnDcb0%2FScreen%20Shot%202022-06-27%20at%2011.10.04%20AM.png?alt=media\&token=65fdac17-f4ff-413b-8b57-10523fcedee2)

The Google Workspace side of the setup is complete. Note if you change anything, you need to re-download a new metadata.xml file.