Skip to main content

G Suite Single Sign On

Jesse Charvat
  • Updated

Connecting your Lattice account with G Suite

You can use your existing G Suite account as a SAML identity provider to authenticate your Lattice users trying to sign in. Using your G Suite account, your users will no longer need to remember an extra password to sign into Lattice, and you can quickly remove their access to Lattice from a centralized control panel.

Note: The G Suite integration is only for SSO. We do not automatically synchronize your user accounts between systems yet. This is planned for the future, but right now, you will have to keep your Lattice user accounts in sync with your directory service. If a user doesn't have an account in Lattice, they won't be able to log in. You can create user accounts manually or send us a CSV spreadsheet.

What is the difference between Google SSO and "Sign in with Google"?

  • "Sign in with Google" uses Google's OAuth API. Upside: No configuration. It "just works." The downside is that there currently is no way to force only this option.
  • "Google SSO" uses Google's SAML 2.0 API. The upside: One can force this option and disable email/password. The downside is that it requires setup.

Note: As the SSO configuration is a technical process, we recommend that your IT team assist with set up.

5-minute setup guide

  1. In your Google Admin console (at admin.google.com), click Apps.
  2. From here, click Add App and select Add custom SAML app.
    Google Admin Add Custom SAML App

  3. Give the app a name.
    Google Admin App Details

  4. From here, be sure to download your XML metadata and put it somewhere, such as a text editor, to be pasted into Lattice.
    Google Admin Download IDP Metadata

  5. Configure the SAML endpoints. Please replace [subdomain] with your Lattice subdomain.

    • ACS URL: https://router.latticehq.com/sso/[subdomain]/acs

    • Entity ID: https://router.latticehq.com/sso/[subdomain]/metadata

    • Start URL: https://[subdomain].latticehq.com/login

    • Name ID: "Basic Information" and "Primary Email"

    • Name ID Format: "EMAIL"
      Google Admin Service Provider Details

  6. You can skip the Attribute Mapping step and click Finish.

  7. In Lattice, navigate to Admin > Settings > Single Sign On.

  8. Paste in your downloaded XML in the field called XML metadata.

  9. You can optionally limit your users so that they can only sign in with SSO. Learn more about forcing employees to use Single Sign-On.

  10. Click Save, and you're all set! 

  11. By default, the app you created is turned off and is not visible to the users signed in to your Google domain account. To activate the app, go to the Google Admin page. Select App > SAML Apps. Then find Lattice, click on the three dots on the right side, and select ON for everyone in the drop-down list.
    Google App three dots with dropdown options: ON for everyone, OFF, and ON for some organizations.

If you sign out of Lattice, you should see a new Single Sign On button. Clicking on it will first take you to G Suite where you will be authenticated then G Suite will redirect you back to Lattice where you will be automatically signed in.

Related articles