Part 1: Preparation work in Google Workspace
1. Log in to the Google Admin console (https://admin.google.com) with administrator credentials.
2. From the left menu expand the Security section and click on Settings.
3. Select the Set up single sign-on (SSO) with a third party IdP option.
4. Click Add SSO profile.
5. Check the Set up SSO with third-party identity provider box.
6. On the Google IdP Information page, scroll down and click the Download button in the Section 2 - IDP Metadata section and click Next. Save the file to your local drive.
7. In the Application Name field, type Valimail. Click the Upload Logo button and upload whichever logo you prefer, from the two provided below: (right-click the logo below and save to your computer)
Valimail App Logo
8. On the Service Provider Details page, enter the following details:
- ACS URL: https://app.valimail.com/sso/consume
- Entity ID: https://app.valimail.com
- Start URL: https://app.valimail.com/users/sign_in
- Name ID Format should be set to EMAIL
Then click Next.
9. On the Attribute Mapping page, add the following mappings as depicted, then click Finish.
Note: the attribute names must exactly match those depicted -- they are case- and whitespace-sensitive.
10. The Google SSO portion of the configuration is now complete.
11. Now log in to https://app.valimail.com, click your Account Name (in the upper-right corner), and click Account Settings.
Part 2: Configuration within the Valimail Product Suite
Be sure to add any users who should have access to the Valimail Product Suite.
1. In a new browser tab/window, go to https://app.valimail.com and log in to Valimail with your username and password.
2. Click on the gear icon on the Product Switcher.
3. Under 'General' Settings, go to the 'Account Security' tile and click 'Setup' for SSO.
4. In the 'Single Sign-on Configuration' window, click 'upload IDP metadata file'. Locate the XML file you saved from your IdP and upload it.
Here you can also:
- Enable JIT Provisioning (optional): Check this option to enable Just In Time (JIT) Provisioning.
- Provisioning Domains (for JIT): Add one or more provisioning domains.
5. Click 'Enable'.
6. Testing IdP-initiated SSO: Open up a private/incognito window in your browser and go to your SSO provider's login portal, log in with your SSO credentials, then locate and launch the Valimail app. If SSO was successful, you'll arrive at the Valimail Enforce home page for your account.
7. Testing SP-initiated SSO: Open up a private/incognito window in your browser and go to https://app.valimail.com and enter your SSO username (email address). You will see the following message -- click Sign in with SSO. You will then be taken to your SSO provider's login screen and the IdP-initiated login flow. If SSO was successful, you'll arrive at the Valimail Product home page for your account.
⚠️ If SSO was unsuccessful and you're unable to log in to Valimail Enforce, just email email@example.com for assistance.