What Google Workspace Manages
| Capability | Description |
|---|---|
| SAML SSO | Members sign in to ClosedLoop AI through Google Workspace. |
| Just-in-time provisioning | ClosedLoop AI can create a Member account after Google verifies the user. |
| Admin-managed access | Google admins control who can use the ClosedLoop AI SAML app. |
Prerequisites
- A Google Workspace admin account with permission to create custom SAML apps.
- A ClosedLoop AI workspace admin account.
- Your ClosedLoop AI workspace ID. ClosedLoop AI shows this value during setup.
Setup Guide
Step 1: Open Google Workspace setup in ClosedLoop AI
Step 1: Open Google Workspace setup in ClosedLoop AI
- Sign in to ClosedLoop AI as a workspace admin.
- Go to Integrations > Google Workspace SSO.
- Keep this page open. You will copy the generated ACS URL and Entity ID into Google Admin.
Step 2: Create a custom SAML app in Google Admin
Step 2: Create a custom SAML app in Google Admin
- In Google Admin, go to Apps > Web and mobile apps.
- Click Add app > Add custom SAML app.
- Set the app name to ClosedLoop AI.
- Continue to the Google IdP details step.
- Copy the Google SSO URL and Entity ID.
- Download or copy the Google signing certificate.
Step 3: Configure service provider details
Step 3: Configure service provider details
Paste the generated ClosedLoop AI values into Google.
Signed response must be enabled because ClosedLoop AI verifies the SAML response signature. Members start sign-in from the ClosedLoop AI email screen, then return to ClosedLoop AI after Google verifies them.
| Google field | Value |
|---|---|
| ACS URL | The ACS URL from ClosedLoop AI |
| Entity ID | The Entity ID from ClosedLoop AI |
| Start URL | Leave blank |
| Signed response | On |
| Name ID format | EMAIL |
| Name ID | Basic Information > Primary email |
Step 4: Map attributes
Step 4: Map attributes
Add these attribute mappings in Google Admin.
These defaults match the attribute fields shown in ClosedLoop AI.
| Google directory attribute | App attribute |
|---|---|
Basic Information > Primary email | email |
Basic Information > First name | firstName |
Basic Information > Last name | lastName |
Step 5: Save Google values in ClosedLoop AI
Step 5: Save Google values in ClosedLoop AI
- Return to Integrations > Google Workspace SSO in ClosedLoop AI.
- Paste the Google Entity ID.
- Paste the Google SSO URL.
- Paste the Google certificate.
- Keep Enable Google Workspace sign-in on.
- Keep JIT provisioning on if members should be created on first Google sign-in.
- Click Save Google Workspace setup.
Step 6: Turn the app on for users
Step 6: Turn the app on for users
In Google Admin, assign the ClosedLoop AI SAML app to the users or groups who should have access.Test with one user first. After confirming sign-in works, roll it out to the rest of the intended group.
Testing
After configuration:- Assign a test user to the ClosedLoop AI SAML app in Google Admin.
- Open ClosedLoop AI and enter the test user’s email address.
- Confirm ClosedLoop AI redirects the user to Google.
- Complete Google sign-in.
- Confirm the user returns to ClosedLoop AI.
Troubleshooting
| Symptom | Fix |
|---|---|
| Google sign-in succeeds but ClosedLoop AI rejects the response | Confirm Signed response is enabled in Google Admin. |
| The user is not allowed into ClosedLoop AI | Confirm the user is assigned to the Google SAML app, and JIT provisioning is enabled or the user already exists in the workspace. |
| ClosedLoop AI does not find the user’s email | Confirm Google maps Basic Information > Primary email to the email app attribute. |
| The browser returns to the wrong region | Recopy the ACS URL and Start URL from the ClosedLoop AI workspace you are configuring. |
Open ClosedLoop AI US
Configure Google Workspace SSO in a US workspace
Open ClosedLoop AI EU
Configure Google Workspace SSO in an EU workspace