Testmo can be integrated with Google Workspace (formerly called G Suite) via SAML so users can login to Testmo with their Google Workspace directory account. Testmo supports configuring multiple login methods, so you can integrate different identity providers (as well as internal Testmo logins) at the same time. This guide explains how to configure the integration in Testmo and Google Workspace.
Testmo Enterprise feature
Single sign-on integration is a Testmo Enterprise-only feature. To use the Google Workspace SAML integration, please ensure that you are using Testmo Enterprise. If you are unsure about your subscription (or want to try the integration with a trial), please contact us.
Configuring the Google Workspace SAML integration
To configure the integration between both tools, you need to configure it both in Testmo and in Google Workspace. The Testmo and Google Workspace integration uses SAML as the authentication protocol.
We start by configuring the integration in Google Workspace. Open the Workspace admin portal and select Web > Web and mobile apps from the left sidebar. Then click Add App and select Add custom SAML app.
Enter the new App name for the integration (e.g. Testmo)
Click Continue
The Add App wizard then shows the Google Identify Provider SAML details. We will need these when configuring the integration in Testmo in a moment, so we copy these details for later:
SSO URL: This will be the SAML single sign-on URL in Testmo
Entity ID: This will be the SAML entity ID in Testmo
Certificate: This will be the SAML public certificate (X509) in Testmo
Click Continue
Next we are asked to enter the Service provider details on the next page. Enter these details:
ACS URL: Enter your Testmo web address plus
/auth/saml/login/
. I.e.:Important: You will need to update this address here and add the ID of the Testmo integration after you configure it in Testmo in a moment!
Entity ID: Your Testmo web address (i.e.
https://<yourname>.testmo.net
), without the ending slash (/)Leave everything else as default/empty
Click Continue
On the next Add App wizard page we add Attributes that will be sent to Testmo when a user logs in. Add the following four attributes by clicking the Add mapping button:
Login attribute:
Google directory attribute: Primary email
App attribute:
login
(important: all lower case)
Email attribute:
Google directory attribute: Primary email
App attribute:
email
(important: all lower case)
First name attribute:
Google directory attribute: First name
App attribute:
firstname
(important: all lower case)
Last name attribute:
Google directory attribute: Last name
App attribute:
lastname
(important: all lower case)
Save everything by clicking Finish
Now you need to assign which Google Workspace users can use the integration. It is disabled for all your users by default. From the overview page, in the User access section, expand the settings by clicking the arrow icon in the top right corer. Then select ON for everyone if you want to enable this for all users, or enable the integration just for specific groups or users. Click Save to apply the changes.
We continue with the configuration in Testmo. In Testmo, go to Admin > Authentication. In the External section, click + Login method. Then enter these details in the Add login method dialog:
Name: The name of the login method. This is the name displayed on the login page to choose a login method for users. You could call it Google Workspace, for example.
Provider: Select Google Workspace (SAML)
SAML entity ID: Copy the above Entity ID from Google Workspace here
SAML single sign-on URL: Copy the above SSO URL from Google Workspace here
SAML public certificate (X509): Copy the above Certificate from Google Workspace here
SAML claims
ID claim: Change this to
login
Name claim: Change this to (note the space between both variables):
Email claim: Leave default value of
email
Save the new integration
Important: You now need to update the integration in Google and update the address to include the newly added integration ID from Testmo. First look up the ID of the login method in Testmo. Next to the name of the added Google Workspace login method (under Admin > Authentication) hover your mouse cursor over the info icon. Note the ID shown in the tooltip.
Now in Google Workspace, expand the Service provider details for the Testmo application. Update the ACS URL using this format (adding the above ID):
Restricting Google Workspace to certain user groups
Testmo supports restricting specific login methods to certain user groups. For example, you can configure one login method to support only a specific user group, while another login method can be used by all users etc. Learn more about authentication login rules.
Auto-provisioning new users
You can optionally also auto-provision new users. So if a user logs in for the first time and you enable auto-provisioning, Testmo automatically creates a Testmo account for the user. Learn more about auto-provisioning.
Logging in to Testmo with Google Workspace
When multiple login methods are configured in Testmo, users can choose a login method from Testmo's login page. The internal Testmo login is also always available. Depending on the authentication login rules you configure, some login methods might only be allowed for certain user groups.
The internal Testmo login method is always enabled at least for Testmo admin users. This way admin users can always log in to Testmo, even if an external authentication system is having issues.
Disabling the integration
You can disable the Google Workspace integration at any time. To do so, we recommend disabling or removing the integration both in Testmo and in Google:
In Testmo, go to Admin > Authentication and either disable or remove the login method. Make sure that another login method is configured for the users who previously logged in with Google Workspace and notify the users about the change.
In Google Workspace, delete the configured Testmo application.
Last updated