1. Login to your GSuite account (https://admin.google.com/AdminHome) with administrator credentials.
2. Click the Apps icon.
3. Click the SAML Apps icon.
4. On the SAML Apps page, click Add a service/App to your domain link.
5. Click Setup My Own Custom App.
6. On the Google IdP Information page, scroll down and click the Download button in the Section 2 - IDP Metadata section and click Next. Save the file to your local drive.
7. In the Application Name field, type Valimail Enforce. Click the Upload Logo button and upload the following image file:
8. On the Service Provider Details page, enter the following details:
- ACS URL: https://defend.valimail.com/sso/consume
- Entity ID: https://defend.valimail.com
- Start URL: https://defend.valimail.com/users/sign_in
- Name ID Format should be set to EMAIL
Then click Next.
9. On the Attribute Mapping page, add the following mappings as depicted, then click Finish.
Note: the attribute names must exactly match those depicted -- they are case- and whitespace-sensitive.
10. The Google SSO-portion of the configuration is now complete.
11. Now login to https://defend.valimail.com, click your Account Name (in the upper-right corner), and click Account Settings.
12. Click Setup in the Authentication > Single Sign-On section.
13. Enter the following information:
IdP Metadata File: click Choose File and upload the file you saved in Step 6.
Enable JIT Provisioning (optional): Check this option to enable Just In Time (JIT) Provisioning.
Provisioning Domains (for JIT): Add one or more provisioning domains.
Click Enable Single Sign-On.
14. Before testing SSO, ensure the users you wish to test with are listed as users in the Valimail Account Settings > Users section (unless JIT Provisioning is enable, in which case this is not necessary).
⚠️ If SSO was unsuccessful and you're unable to login to Valimail Defend, just email firstname.lastname@example.org for assistance.