Skip to main content

Setting Up SSO with Google Workspace

Support
Updated

Topics included in this article:

Overview

Single Sign-On is a way to sync sign-on across multiple applications, allowing you to log in to all applications with one user account and password.

Rhombus supports any SAML SSO (single sign-on) identity providers. This article covers how to configure SSO with Google Workspace.

 

Recovery Users

A Recovery User is a user account in your organization that bypasses SAML once enabled.

Note: We recommend having at least two Super User Accounts as Recovery Users when enabling SSO to ensure you have a method of logging and disabling SSO in the event SAML encounters errors.

Enabling a user account as a Recovery User is performed during the SSO configuration process in the Rhombus console.
1. Log into the Rhombus Console, navigate to "Settings," and click "Single Sign-On."
Settings > Single Sign-On.png

 

2. Click the dropdown for "Single Sign-On" and select any of the options you wish to include.

  • Select specific users as "Recovery Users." We recommend selecting at least two.
  • Choose to enable Single Sign-On for the Rhombus Console and/or the Rhombus Key app.
  • Enable Just-In-Time User Creation if desired. Just-In-Time User Creation can be enabled to dynamically create a Rhombus user account matching the SSO login email the first time that user logs into the console.
Screenshot 2026-03-06 at 4.28.02 PM.png

 

3. Click the dropdown menu that reads "Select SSO Recovery Users," click the checkbox beside the users you wish to set as Recover Users, and click "Save."
Screenshot 2026-03-06 at 4.44.07 PM.png

 

Google Admin

1. Log in to your account at https://admin.google.com/.

2. Click the "Apps" dropdown menu, and select "Web and mobile apps."

Workspace apps.png

 

3. Click "Add App" and select "Add custom SAML app."

Screenshot 2026-05-20 at 11.00.07 AM.png

 

5. Enter "Rhombus" for the app name, and click "Continue."

Screenshot 2026-05-20 at 11.02.48 AM.png

 

6. Under Option 1, click "Download Metadata." Keep this file for later.

Screen_Shot_2021-01-06_at_11.34.45_AM.png

 

7. After downloading the IDP metadata, you will be asked for "Service Provider details." Navigate back to the Rhombus Console, then copy and paste the information below "Setup SSO with Rhombus Service Provider." Name ID Format will be "EMAIL."

Note: The ACS URL field, should be https://console.rhombus.com/saml/SSO. Do not add any characters after /SSO.

Note: After entering the ACS URL field, allow 10-15 minutes for Google to propagate new settings. Cache, cookies, and form information may need to be cleared after setup is complete.

Screenshot 2026-05-20 at 11.05.15 AM.png
Screenshot 2026-05-20 at 11.18.23 AM.png

 

8. Click "Continue" in the bottom right corner, click "Finish," and you'll have completed the necessary steps within the Google Admin.

9. Back in the Rhombus Console, open the XML file downloaded in step #6. Copy and paste the entirety of its contents in the "IDP MetaData XML" field, and click "Save."

Note: Any existing users will now use your identity provider. If you have users who are not in your identity provider, they will no longer be able to log in.

 

Helpful Links

 

Contact Support or Sales

Have more questions? Contact Rhombus Support at +1 (877) 746-6797 option 2 or support@rhombus.com.

Interested in learning more? Contact Rhombus Sales at +1 (877) 746-6797 option 1 or sales@rhombus.com.

Related articles

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk