Step 1: Create a SAML application within your Identity Provider.
Google SAML Setup
- Log in to your Google Admin Console at https://admin.google.com/
- Browse to Apps → Web and Mobile Apps
- Click Add App → Add Custom SAML App
- Fill out the App Name to correspond to the MasterLibrary product and upload the image provided by MasterLibrary for the icon
- Service Provider Details - Select the dropdown arrow to show this section
  - Enter this for both the ACS URL and Entity ID
    - https://XXXXX.mlworkorders.com/MLSAMLConnect.aspx
    - Replace “XXXXX” with your custom MasterLibrary subdomain
  - For Name ID format select “Persistent”
  - For Name ID select “Basic Information > Primary email”
- Attribute Mapping
  - You will map attributes here and they need to match exactly as entered below:
    - Basic Information - Primary Email
    - Basic Information - Employee ID
      - Externalid
    - Basic Information - First name
      - FirstName
    - Basic Information - Last name
      - LastName
  - Group membership
    - It is required that you put the word "Group" in the "App attribute". List the Google Group(s) to determine which Google Group will have access to logging in via SAML.
    - This is where you will select the Groups you want to pass through to automatically assign Role(s) to the Users within MasterLibrary. This is a way to give Users some default roles and capabilities, especially if you segment within Groups in Google already.
Step 2: In Work Orders, configure SAML
Note: A user with the Google super administrator role is required to perform this task.
- Select Settings > Single Sign On > SAML Configuration. The SAML Integration Admin page appears.
- Next to Google, click [icon]. A pop-up appears.
  Note: You may see two rows for Google SAML, one with a checkbox in the For Mobile column and one without a checkbox in that column.
  - To set up the web app, select [icon] in the row without the For Mobile checkbox selected.
  - To set up the mobile app, select [icon] in the row with the For Mobile checkbox selected.
- Do the following:
  - Under Entity ID, enter the Google Entity ID.
    Note: Enter https://XXXXX.mlworkorders.com/MLSAMLConnect.aspx. Replace “XXXXX” with your custom subdomain. This needs to match the ACS URL in the Google Admin Console.
  - Under Issuer, enter your Google issuer URL.
    Note: You can copy the issuer URL from Google Admin Console. In Service Provider Details, click Manage Certificates, copy the Entity ID field and paste it here.
  - To let users sign in with the Google option on the login page, enter the Login Link.
    Note: To obtain this, click the Google apps icon. Right-click the SAML app for IT Asset Manager, click Copy Link Address, and then paste the link.
  - Under Certificate, enter the certificate.
    Notes:
    - You download this from Google, then enter it here.
    - On the certificate, remove ---Begin Certificate--- and ---End Certificate---.
- Click Save.
Step 3: Set default Roles for Users who log in via SAML.
Once you log in to your MasterLibrary product, navigate to Settings → Single Sign On → SAML Group Settings. From there, configure the SAML Groups you indicated in Step 1 and the default set of Roles you want to give to Users within each Group.
Note: You can create as many SAML Groups as you’d like, and each time a User logs in they will get whatever Roles you indicate on all of the Groups they are a part of. You can also manage additional Roles within MasterLibrary as usual, but you cannot remove these default ones, so make sure they apply to all users within the group.
For Google: The Group Name field will be the Group Names established in Step 1.