Google Workspace Configuration
1. To configure Google Workspace as your Identity Provider for SSO in NowSignage, you first need to configure a SAML app in Google Workspace. To configure it, you need to go to https://admin.google.com/ and navigate to Apps > Web and mobile apps
2. Once in the selected section, then you need to create a new SAML app under Add app > Add custom SAML app:
3. Fill in the name and description of the app and click continue:
4. The next step will present you with the data that you will need to copy and paste into NowSignage. Don't worry if don't save it, as you will be able to see it later once the app has been fully setup. Click continue again.
5. The next step will ask you to fill in the Service Provider details.
ACS Url: https://secure.nowsignage.com/customers/saml/auth
Entity ID: https://secure.nowsignage.com/saml/metadata
Make sure the Name ID format is set as EMAIL and Name ID as Basic Information > Primary email
Don't worry if you don't fill in the data correctly as it can always be updated once the setup is finished.
6. In the final step, add a mapping Primary email > email and click finish.
7. After configuring everything, a summary of the app is presented, where you can manage all previous parameters.
It is important to check that User Access is set to ON for everyone or set to ON for the users you want
If that setting is OFF, none of the users will be able to use SSO.
NowSignage configuration
Note: if you need to access the Identity Provider details again in Google Workspace, you can click on Download Metadata and a modal with the information will appear, then you can copy and paste those details into NowSignage CMS
1. Go into your NowSignage account and click into your initails in the top right of the platform then select 'My Account'. Now click 'Users and Roles' in the top menu bar and then select 'SSO Configuration':
2. To enable SSO for all users of your account, tick the 'use SSO for customer login' box, then fill in the following fields:
Identity Provider: Google Workspace
Identity Provider ID: Entity ID value (from Google Workspace)
Identity Provider Login URL: SSO URL (from Google Workspace)
Identity Provider Certificate: Certificate (from Google Workspace)
Then select 'Save' at the bottom of the page:
3. SSO is now enabled for all users in your account, they will now be required to only sign into NowSignage through SSO and will no longer be able to log in using their NowSignage password.
How to exclude users from SSO
After setting up SSO, you can exclude specific users from the SSO requirement to allow them to also log in with their NowSignage user account. To do this, within the SSO configuration page, scroll to the bottom of the page and you will see an user exception list:
You can now search for and select specific users you wish to add to the exception list. Users can be removed from this list at any stage.
It is recommended to exclude at least one user with Account Owner permissions. In the event your identity provider is down, they can log in and untick the 'Use SSO for customer login' checkbox to allow all users to log in with their NowSignage accounts.
permissions. In the event your identity provider is down, they can log in and untick theTroubleshooting
Error 403 when trying to log in via Google SSO:
Once SSO is set up if a user tries to log into NowSignage through their Google account they may receive the above error, this can be resolved by following the steps below:
1. Reopen your web-browser of choice in incognito mode (if using Google Chrome, right click the shortcut and select 'new incognito window).
2. Visit https://secure.nowsignage.com/customers/sso_login within the incognito browser window.
3. Log into NowSignage using your Google account and this should now successfully log you in.
4. You can now leave the incognito browser and log in as normal via your browser and this should now work each time you log in.