Skip to main content
Connect Google Workspace to ClosedLoop AI so workspace members sign in through your company’s Google identity provider.
Use the ClosedLoop AI values generated inside your workspace. They are region-aware and include the correct workspace entity ID.

What Google Workspace Manages

CapabilityDescription
SAML SSOMembers sign in to ClosedLoop AI through Google Workspace.
Just-in-time provisioningClosedLoop AI can create a Member account after Google verifies the user.
Admin-managed accessGoogle admins control who can use the ClosedLoop AI SAML app.

Prerequisites

  • A Google Workspace admin account with permission to create custom SAML apps.
  • A ClosedLoop AI workspace admin account.
  • Your ClosedLoop AI workspace ID. ClosedLoop AI shows this value during setup.

Setup Guide

  1. Sign in to ClosedLoop AI as a workspace admin.
  2. Go to Integrations > Google Workspace SSO.
  3. Keep this page open. You will copy the generated ACS URL and Entity ID into Google Admin.
  1. In Google Admin, go to Apps > Web and mobile apps.
  2. Click Add app > Add custom SAML app.
  3. Set the app name to ClosedLoop AI.
  4. Continue to the Google IdP details step.
  5. Copy the Google SSO URL and Entity ID.
  6. Download or copy the Google signing certificate.
Paste the generated ClosedLoop AI values into Google.
Google fieldValue
ACS URLThe ACS URL from ClosedLoop AI
Entity IDThe Entity ID from ClosedLoop AI
Start URLLeave blank
Signed responseOn
Name ID formatEMAIL
Name IDBasic Information > Primary email
Signed response must be enabled because ClosedLoop AI verifies the SAML response signature. Members start sign-in from the ClosedLoop AI email screen, then return to ClosedLoop AI after Google verifies them.
Add these attribute mappings in Google Admin.
Google directory attributeApp attribute
Basic Information > Primary emailemail
Basic Information > First namefirstName
Basic Information > Last namelastName
These defaults match the attribute fields shown in ClosedLoop AI.
  1. Return to Integrations > Google Workspace SSO in ClosedLoop AI.
  2. Paste the Google Entity ID.
  3. Paste the Google SSO URL.
  4. Paste the Google certificate.
  5. Keep Enable Google Workspace sign-in on.
  6. Keep JIT provisioning on if members should be created on first Google sign-in.
  7. Click Save Google Workspace setup.
In Google Admin, assign the ClosedLoop AI SAML app to the users or groups who should have access.Test with one user first. After confirming sign-in works, roll it out to the rest of the intended group.

Testing

After configuration:
  1. Assign a test user to the ClosedLoop AI SAML app in Google Admin.
  2. Open ClosedLoop AI and enter the test user’s email address.
  3. Confirm ClosedLoop AI redirects the user to Google.
  4. Complete Google sign-in.
  5. Confirm the user returns to ClosedLoop AI.

Troubleshooting

SymptomFix
Google sign-in succeeds but ClosedLoop AI rejects the responseConfirm Signed response is enabled in Google Admin.
The user is not allowed into ClosedLoop AIConfirm the user is assigned to the Google SAML app, and JIT provisioning is enabled or the user already exists in the workspace.
ClosedLoop AI does not find the user’s emailConfirm Google maps Basic Information > Primary email to the email app attribute.
The browser returns to the wrong regionRecopy the ACS URL and Start URL from the ClosedLoop AI workspace you are configuring.

Open ClosedLoop AI US

Configure Google Workspace SSO in a US workspace

Open ClosedLoop AI EU

Configure Google Workspace SSO in an EU workspace