Single Sign On with Google

Note: For you to enable SSO, our support team must first turn on the option for your organization. To get SSO turned on, please reach out to our support team on our contact form.

After contacting FireHydrant support to get SSO turned on for your organization, follow the steps in this article. 

Setting up single sign on with Google enables users in your G Suite account to authenticate (and provision) into your FireHydrant organization.

To follow the configuration steps, you must have permission to configure SAML applications in your Google admin panel. You must also have the role of Owner on FireHydrant to enable SSO for your account.

Creating the SAML Application

To get started:

  1. Follow Google's instructions on how to set up your own custom SAML application until you get to the Google Identity Provider details page.
  2. In a separate browser tab, open FireHydrant's SSO settings page and check Enable SSO. Three additional fields appear, requiring:
    • an IdP Login URL
    • the IdP Issuer
    • an IdP X509 Certificate
  3. Copy the values from Google into FireHydrant as follows:
Google Value FireHydrant Field
Entity ID IDP Issuer
Certificate IdP X509 Certificate
  1. (Optional) In the Domains section of FireHydrant, add the email domain name for your organization. This enables a message that appears when users attempt to log in using credentials from your org, advising them to log in with SSO.
  2. Click Save in FireHydrant.
  3. In Google, click Next. Google prompts you to fill in Service Provider details. For the ACS URL and Entitiy ID fields, enter
  4. Enable the Signed Response checkbox.
  5. Verify that Primary Email is selected for the Name ID section. This is how your SSO configuration automatically creates accounts or logs existing users in to FireHydrant.
  6. For the Name ID Format field, select Email. Click Next.
  7. (Optional) On the last step of the Google setup, provide any attribute mappings you'd like to include when users are sent to FireHydrant. These are optional, but we recommend setting the first and last name attributes so when users are provisioned, their names are automatically set correctly in FireHydrant.
  8. Click Finish. This completes your Google SSO setup.

Last updated on 2/9/2024