Our integration with Google Workspace allows your team to log in to Leapsome with their Google Account, without setting up a new password. With Google Workspace, you have two options to simplify the login process for your team: 'Sign in with Google (OAuth2)' and 'Single Sign-On (SAML)'. Below, we explain the two options and their respective setup procedures.
To use the option to log in to Leapsome with Google Workspace, please make sure that you meet the following requirements:
- You have set up a Leapsome Account for all relevant colleagues.
- The Google Workspace email address matches the email of the Leapsome Account.
Setting up 'Sign in with Google' (OAuth2)
The option to sign in with Google does not require a setup on your end and can be used as soon as the user's Leapsome Account has been created. On the Leapsome login page, just select 'Sign In with Google' to log in. You may be asked to enter your Google Workspace password for the first login within a popup window. This is the easiest and fastest procedure to enable your team to log in to Leapsome with their Google Account.
Setting up SSO with Google Workspace (SAML)
You also have the option to set up SAML-based SSO for Leapsome using Google Workspace. This option is especially interesting if you want to use Google Workspace as your Identity Provider. To set this up, please follow the steps in this article by Google. Please paste the SSO Login URL and Certificate provided by Google Workspace in Leapsome by visiting Settings > Integrations > Single Sign-On (SSO) or clicking here. Please note that users will still be able to use the 'Sign In with Google' (OAuth2) option, even when SAML-based SSO is activated.
Once set up, your users will need to enter their email address on the Leapsome login page. Then, instead of being asked for a password, they should see a 'Sign in with Company SSO' button. By clicking this button, your users can now log in to Leapsome without setting up a separate password.
By default, users will always have the option to sign in with email and their Leapsome password, even if SSO is enabled. If you want to make sure that all users log in via the SSO flow, please navigate to SSO settings in Leapsome, tick the box 'Enforce SSO' and confirm by clicking 'Update SSO Settings'.
This way, all users within your account can only log in to Leapsome by using SSO. Please make sure that you set up SSO correctly for all users in your organization, as they otherwise won't be able to access Leapsome.
Logging in without receiving an invitation
By default, users can only log in to Leapsome once they have received an invitation to the platform. To reduce the workload on your end when onboarding users to Leapsome, you have a few options to make the invitation and signup process as smooth as possible.
1. Automate the invitation process using one of our HRIS integrations
If you are using an HRIS for provisioning users to Leapsome, you have the option to automatically send invitations to newly provisioned users. This way, they will be able to use SSO from the get-go if you have enforced SSO.
2. Enable just-in-time provisioning for your IDP
Some IDPs like Azure AD offer just-in-time (JIT) provisioning for your user base. This way, user profiles will be created immediately once a user from your organization tries to log in to Leapsome. When JIT provisioning is enabled, it is not necessary to invite your users for them to be able to log in to Leapsome. Please note that JIT provisioning cannot be used if you are also using an HRIS integration.
3. Reach out to us
If you want to avoid sending invitations entirely, our Support team can switch off invitations for your account in the backend, so that login will be possible for all 'created' users. Please note that this is only possible if all of your users use the same email domain. If you want to learn more about this, contact our Support team from the 'Help' button in Leapsome.
FAQs and Known Issues
As Leapsome does not support email aliases, please make sure that the email address in the Leapsome user account matches the primary email address in Google Workspace.
Please note that even if you 'Enforce SSO', your users will still be able to log in using the OAuth2 flow.
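Because aliases are not supported and enforcing SSO can lock out users whose addresses do not match, it helps to compare both user lists before ticking 'Enforce SSO'. The script below is an added example, not part of Leapsome's or Google's tooling; the CSV column names, the sample rows and the case-insensitive comparison are assumptions made for illustration.

```python
import csv
import io

# Constructed sample exports. The column names are assumptions for this
# example, not the actual export format of Leapsome or Google Workspace.
LEAPSOME_CSV = """email,status
anna@example.com,active
Bob.Smith@example.com,active
carol.alias@example.com,active
dave@example.org,created
"""

WORKSPACE_CSV = """primary_email,aliases
anna@example.com,
bob.smith@example.com,bsmith@example.com
carol@example.com,carol.alias@example.com;c@example.com
"""


def normalize(email):
    # Assumption: addresses are compared case-insensitively.
    return email.strip().lower()


def audit(leapsome_csv, workspace_csv):
    """Classify Leapsome accounts as ok, alias-only, or missing in Workspace."""
    primaries = set()
    alias_to_primary = {}
    for row in csv.DictReader(io.StringIO(workspace_csv)):
        primary = normalize(row["primary_email"])
        primaries.add(primary)
        for alias in (row["aliases"] or "").split(";"):
            if alias.strip():
                alias_to_primary[normalize(alias)] = primary

    report = {"ok": [], "alias": [], "missing": []}
    for row in csv.DictReader(io.StringIO(leapsome_csv)):
        email = normalize(row["email"])
        if email in primaries:
            report["ok"].append(email)
        elif email in alias_to_primary:
            # Matches only an alias: change it to the primary address first.
            report["alias"].append((email, alias_to_primary[email]))
        else:
            # No Workspace account at all: this user cannot use SSO.
            report["missing"].append(email)
    return report


if __name__ == "__main__":
    for category, entries in audit(LEAPSOME_CSV, WORKSPACE_CSV).items():
        print(category, entries)
```

Accounts reported under "alias" or "missing" should be corrected before SSO is enforced.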