Configure SAML SSO With Google

Find out how to configure SAML (Security Assertion Markup Language) single sign-on for flair using your Google credentials.

If you want to enable your employees to be able to log in to their flair Employee Hub account with Google, you’ll need to add flair to your SAML apps in the Google Admin console. Simply follow these steps.


Manual Hub Invitations

Please note that after enabling SAML you will no longer be able to invite employees to the Hub via Salesforce. All logins will be managed using Google.

  1. First, you need to go to your Google Admin console and select Apps.

  1. Next, click SAML apps.

  1. Now select Add App → Add custom SAML app.

  1.  Fill in the app details. We recommend naming it Employee Hub, as this name will be shown in the list of your SAML apps in the Google Admin console.

  1. Enter the following data:
  • ACS:
    Note: 'YOUR_INSTANCE' should be replaced with your domain name, which you can find in your Hub's URL.
  • Entity ID: hub
  • Name ID format: UNSPECIFIED
  • Name ID: Basic Information → Primary Email

  1. Click continue and choose mapping for email.

  1. Download the metadata. Now go to the flair HR app on Salesforce and open the App Launcher. Click on Hub SAML Configurations. Click New, give your configuration a name, and then enter the Entity ID, SSO URL, and Certificate that you received from Google.

  1. Now you can enable the configuration and start using the Hub with your subdomain