Topic
This guide explains how to set up SAML (Security Assertion Markup Language) with NinjaOne using Google Workspace.
Environment
NinjaOne platform
Description
SAML allows technicians to access the NinjaOne application using a single sign-on with their preferred provider. SAML can be used with both the standard and branded NinjaOne web application, which supports multiple IdPs (Identity Providers).
Any IdP that supports SAML 2.0 may be used. However, we have only tested and verified Azure, OneLogin, and Okta.
There are two different workflows related to SAML. Currently, only the workflow initiated by the service provider is enabled for NinjaOne SAML.
- Service Provider (SP) initiated workflow: You navigate to NinjaOne to log in, and you are forwarded to the identity provider.
- Identity Provider (IdP) initiated workflow: You navigate to your identity provider to log in, and you are forwarded to NinjaOne to log in.
Please see Google's documentation on setting up single sign-on for SAML service providers.
For information on gathering the Entity ID and Assertion Reply URL from NinjaOne, refer to Login Security: Configure Single Sign-On in NinjaOne.
- NinjaOne has not tested or verified using SAML with Google Workspace. Refer to Google Workspace for troubleshooting.
- During setup, make sure to click the Signed Response button and change the Name ID format to "email" at the bottom of the page.
- In order to successfully set up SSO within NinjaOne, you need to either open a new browser or an incognito window. If you try to do this in a browser where you are already signed in to Google Workspace, the process will fail.
Additional Resources
To learn more about NinjaOne's identity services, refer to: