Documentation
Workspace
Single Sign-on
Google Workspace

Google Workspace

Cube Cloud supports authenticating users through Google Workspace, which is useful when you want your users to access Cube Cloud using single sign on. This guide will walk you through the steps of configuring SAML authentication in Cube Cloud with Google Workspace. You must be a super administrator in your Google Workspace to access the Admin Console and create a SAML integration.

Single sign-on with Google Workspace is available in Cube Cloud on Enterprise and above (opens in a new tab) product tiers.

Enable SAML in Cube Cloud

First, we'll enable SAML 2.0 authentication in Cube Cloud. To do this, log in to Cube Cloud and

  1. Click your username from the top-right corner, then click Team & Security.

  2. On the Authentication & SSO tab, ensure SAML 2.0 is enabled:

Cube Cloud Team Authentication and SSO tab

Take note of the Single Sign On URL and Service Provider Entity ID values here, as we will need them in the next step when we configure the SAML integration in Google Workspace.

Create a SAML Integration in Google Workspace

Next, we'll create a SAML app integration for Cube Cloud in Google Workspace (opens in a new tab).

  1. Log in to admin.google.com (opens in a new tab) as an administrator, then navigate to

    Apps → Web and Mobile Apps from the left sidebar.

  2. Click Add App, then click Add custom SAML app:

  1. Enter a name for your application and click Next. You can optionally add a description and upload a logo for the application, but this is not required. Click Continue to go to the next screen.
  1. Take note of the SSO URL, Entity ID and Certificate values here, as we will need them when we finalize the SAML integration in Cube Cloud. Click Continue to go to the next screen.
  1. Enter the following values for the Service provider details section and click Continue.
NameDescription
ACS URLUse the Single Sign On URL value from Cube Cloud
Entity IDUse the Service Provider Entity ID value from Cube Cloud

  1. On the final screen, click Finish.

  2. From the app details page, click User access and ensure the app is ON for everyone:

Enable SAML in Cube Cloud

In this step, we'll finalise the configuration by entering the values from our SAML integration in Google into Cube Cloud.

  1. From the same Authentication & SSO > SAML 2.0 tab, click the Advanced Settings tab:
  1. Enter the following values in the SAML Settings section:
NameDescription
Audience (SP Entity ID)Delete the prefilled value and leave empty
IdP Issuer (IdP Entity ID)Use the Issuer value from Google Workspace
Identity Provider Login URLUse the Sign on URL value from Google Workspace
CertificateUse the Signing Certificate value from Google Workspace
  1. Scroll down and click Save SAML 2.0 Settings to save the changes.

Test SAML authentication

To start using SAML authentication, use the single sign-on URL provided by Cube Cloud (typically <YOUR_CUBE_CLOUD_URL>/sso/saml) to log in to Cube Cloud.

Single Sign-onMicrosoft Entra ID