Skip to content
  • There are no suggestions because the search field is empty.

Google (SAML, Enterprise)

How to configure SAML for Google in TestMonitor.

Single Sign-on (SSO) allows users to log in to TestMonitor using as a trusted enterprise identity provider. It uses SAML (Security Assertion Markup Language), a widely used standard that lets Google securely verify user identities and pass that information to TestMonitor. This enables employees to authenticate using their existing Google credentials.

Using Google Workspace SAML SSO provides centralized identity security, streamlined onboarding, and full enterprise-level access control.

This feature is available to customers with an Enterprise plan.

Supported Features

  • Service Provider (SP)-Initiated SSO: Users start at TestMonitor and are redirected to Google for authentication.
  • Identity Provider (IdP)-Initiated SSO: Users can launch TestMonitor directly from Google Apps.
  • Full access control from Google: use groups, conditional access, MFA, and user profile policies to manage who can access TestMonitor.
  • Custom sign-on button: A dedicated Sign in with SAML badge appears on the TestMonitor login screen.
  • Automatic account creation (auto-provisioning): Users are created automatically when signing in for the first time.

Before You Begin

To configure Google SAML SSO, ensure that you:

  • Have access to a Google Workspace.
  • Have administrator permissions for that tenant.
  • Have a TestMonitor administrator account.

After completing these requirements, follow the steps below.

Set Up TestMonitor as Application in Google

You must add TestMonitor as an Application in Google before completing SSO setup:

  1. Sign in to the your Google Workspace admin dashboard.
  2. Navigate to Apps and then navigate to Web and mobile apps.
  3. Click Add app.
  4. Click Add custom SAML app.
  5. Name the app (e.g., TestMonitor) and upload a logo that you want to be displayed when users login.
  6. Click Continue.
  7. Open the TestMonitor application.
  8. In the left menu, select Single sign-on and choose SAML.
  9. Keep the SAML configuration page open—you’ll need these details in the next step.

Let’s get started with configuring SSO in TestMonitor.

Configure Single Sign-on in TestMonitor

While setting up your Google SAML app, you can move forward with configuring TestMonitor:

  1. Click on the gear icon on the top to head over to the general settings.
  2. Under Security in the left menu, select Single Sign-on.
  3. Toggle the switch to Use Single Sign-on.
  4. Select SAML as your SSO provider.
  5. You’ll need to copy several URLs from Google and enter them into the appropriate fields on the TestMonitor SSO page:
    1. On the Google SAML application page copy the SSO URL from Google and enter it in the SSO URL field in TestMonitor.
    2. Copy the Entity ID from Google and enter it into the Issuer URL field.
  6. Next, you'll need to supply the certificate used to digitally sign and encrypt authentication data:
    1. In Google, click on the Copy icon above the certificate.
    2. Paste the contents into the X.509 Certificate field within TestMonitor.
  7. Enter your company name in the Company Name field, which appears on the TestMonitor login screen.
  8. Optionally, enable Disable Default Login to prevent non-administrator users from signing in with their TestMonitor email and password, ensuring they can only access TestMonitor via SSO.
  9. Click on Save in TestMonitor to activate your SAML configuration.
  10. Return to Google and click Continue.
  11. Next, you’ll need to copy several URLs from TestMonitor and enter them into the appropriate fields on the Google SAML configuration page:
    1. Copy the ACS URL from TestMonitor and enter it into the ACS URL field.
    2. Copy the Metadata URL (Entity ID) from TestMonitor and enter it into the Entity ID field.
  12. Keep the Signed Response checkbox unchecked.
  13. Keep the default value UNSPECIFIED for the Name ID format field.
  14. Keep the default value Basic Information > Primary email for the Name ID field.
  15. Click Continue.
  16. Lastly, configure Attribute Mapping to ensure Google SAML passes the correct user details to TestMonitor. Add the following attributes:
    1. Select the Google directory attribute First Name and enter the text firstName in the App attribute field.
    2. Select the Google directory attribute Last Name and enter the text lastName in the App attribute field.
  17. Click Finish 

Google offers a built-in option to test your SAML configuration if needed:

  1. Ensure that your Google account email address is also registered as a user in TestMonitor.
  2. Make sure the Google TestMonitor app is enabled for your Google account by navigating to the User Access section within the Google TestMonitor app and turn the app ON for a specific user group or for all users in your Google Workspace.
  3. Click on the TEST SAML Login button.
  4. If your SAML configuration is correct, you’ll be seamlessly signed in with your Google account.

Using Single Sign-on via Google

To authenticate using Google (SAML):

  1. Open your TestMonitor login page (e.g., mydomain.testmonitor.com).
  2. Click the Sign in with My Company button (using the company name you specified).
  3. You’ll be redirected to the Google sign-in page, enter your work account credentials.
  4. After successful authentication, Google redirects you back to TestMonitor.
  5. You are now signed in.

Users can also access TestMonitor directly from the Google Apps menu when your Google TestMonitor app is active.

Disable Single Sign-on

To disable SSO:

  1. Click on the gear icon on the top right for Settings.
  2. Under Access & Security in the left menu, select Single Sign-on.
  3. Toggle the switch off for Use Single Sign-on.

Be sure to turn off the Google TestMonitor App to prevent access via Google SAML to TestMonitor.

Troubleshooting

If you encounter errors involving the Google SAML integration, here are some steps you can take to troubleshoot the issue:

Check the SAML / provisioning logs in your Google Workspace

Navigate to Reporting in your Google Workspace, click on Audit and investigation, then click on SAML log events. These logs can provide insight into potential issues and help identify what may be causing problems.

Incorrect endpoint URL's

Verify the IdP Sign-in URL, Entity ID, and X.509 certificate in TestMonitor match exactly what’s provided in Google, and ensure the user exists in both systems with matching emails.

Invalid or Expired Certificate

Check the X.509 certificate in Google for expiration. If expired, generate a new certificate in Google and update the corresponding certificate in TestMonitor.

Provisioning Not Triggering

Make sure the intended users or groups are assigned to the TestMonitor application in Google.

Contact Support

If these solutions do not resolve your issue, feel free to reach out to our support team for additional assistance.