Part 1: Preparation work in Google Workspace


1. Login to your GSuite account (https://admin.google.com/AdminHome) with administrator credentials.


2. Click the Apps icon.


3. Click the SAML Apps icon.


4. On the SAML Apps page, click Add a service/App to your domain link.


5. Click Setup My Own Custom App.


6. On the Google IdP Information page, scroll down and click the Download button in the Section 2 - IDP Metadata section and click Next. Save the file to your local drive.


7. In the Application Name field, type Valimail. Click the Upload Logo button and upload the following image file:

Valimail App Logo


8. On the Service Provider Details page, enter the following details:

- ACS URL: https://app.valimail.com/sso/consume

- Entity ID: https://app.valimail.com

- Start URL: https://app.valimail.com/users/sign_in

- Name ID Format should be set to EMAIL


Then click Next.


9. On the Attribute Mapping page, add the following mappings as depicted, then click Finish.

Note: the attribute names must exactly match those depicted -- they are case- and whitespace-sensitive.


10. The Google SSO-portion of the configuration is now complete.


11. Now login to https://app.valimail.com, click your Account Name (in the upper-right corner), and click Account Settings.


Part 2: Configuration within the Valimail Product Suite


Be sure to add any users who should have access to the Valimail Product Suite. 


1. In a new browser tab/window, go to https://app.valimail.com and login to Valimail with your username and password.


2. Click on the gear icon on the Product Switcher.


3. Under 'General' Settings, go to the 'Account Security' tile and click 'Setup' for SSO




4. In the 'Single Sign-on Configuration' window, click 'upload IDP metadata file'. Locate the XML file you saved from your IdP and upload it.



Here you can also:

Enable JIT Provisioning (optional): Check this option to enable Just In Time (JIT) Provisioning.

Provisioning Domains (for JIT): Add one or more provisioning domains.


5. Click 'Enable'


6. Testing IdP-initiated SSO: Open up a private/incognito window in your browser and go to your SSO provider's login portal, login with your SSO credentials, locate and then launch the Valimail app. If SSO was successful, you'll arrive at the Valimail Enforce home page for your account.


7. Testing SP-initiated SSO: Open up a private/incognito window in your browser and go to https://app.valimail.com and enter your SSO username (email address). You will see the following message -- click Sign in with SSO. You will then be taken to your SSO provider's login screen and the IdP-initiated login flow. If SSO was successful, you'll arrive at the Valimail Product home page for your account.



⚠️ If SSO was unsuccessful and you're unable to login to Valimail Enforce, just email support@valimail.com for assistance.