Skip to content
Contact Support
  • There are no suggestions because the search field is empty.

Setting Up Single Sign-On with Google 🚀

Ready to make logging into Haystack super simple and secure for your team? By using Google SSO, your users can say goodbye to remembering another password! It also gives you a central place to manage everyone's access.

You have two awesome options for setting this up: OIDC and SAML. Both are great—it just depends on what your IT team prefers!

  • OIDC is quick and easy to get up and running.

  • SAML is a bit more complex, but it offers extra security.

Either way, both options let your team log into Haystack with their existing Google passwords. If you're not sure which one is right for you, just chat with your IT team or our support team at support@haystackteam.com.

Setting Up Google Single Sign-On with OIDC 

This is the fastest and easiest way to get started! We'll handle most of the work for you.

  1. Just let your Haystack Customer Success Manager know you'd like to use "sign in with Google."

  2. Provide them with the email domains your company uses.

  3. Sit back and relax! Our engineering team will take it from there.

This process usually takes about 5-7 business days, but don't worry—you'll still be able to log in using a magic link in the meantime. We'll let you know as soon as it's configured! From then on, all your users will just click the "Continue with Google" button to sign in.

Setting Up Google Single Sign-On with SAML

This is a more technical process, so we highly recommend getting your IT team to help out with this part.

Step 1: Create a New SAML Application in Google

  1. In your Google Admin console, go to Menu > Apps > Web and mobile apps.
  2. Click Add App, then Add custom SAML app.
  3. Give your app a name (like Haystack) and upload an icon if you'd like.
  4. 4. Click Continue.

Step 2: Configure Service Provider Details

Now, you'll need to enter some details to connect Google to Haystack. Remember to replace "subdomain" with your company's Haystack subdomain in each field. If you're not sure what it is, just reach out to your CSM or our support team.

  • ACS URL: https://subdomain.haystack.so/api/saml/acs

  • Entity ID: https://subdomain.haystack.so/api/saml/metadata

Click Continue and then Finish.

Step 3: Copy the IDP Metadata

This is the key that links everything together!

  1. Inside your new SAML app, go to the Google Identity Provider details page.
  2. Download the IDP metadata.
  3. Open the file in a simple text editor (like Notepad or TextEdit). Important: Opening it in another app might add formatting that will cause errors!
  4. Copy the entire text of the metadata.

Step 4: Complete the SSO Setup in Haystack

You're in the home stretch!

Only users with Workspace Admin and Access Control Admin permissions can do this next part. If you don't have them, ask your platform admins or our support team for help at support@haystackteam.com. 

  1. Click the account dropdown in the top right corner and select Admin Console.

  2. In the left-hand menu, click User Provision & Login.

  3. Toggle on Login with SAML.

  4. Paste the metadata you copied into the IDP metadata XML box.

  5. Set your session timeout days as needed.

  6. Click Save User Login Options.

Awesome- you're all set! 🎉 Your Google SAML SSO is now configured. Your team can now use the "Continue with Google" button to log in.

Keywords: Google, SSO, single sign-on, SAML, OIDC, OpenID Connect, setup, login, authentication, admin, IT, guide, instructions