Integrate Google Workspace

Google Workspace SAML/SSO integration

Connect Google Workspace (formerly G Suite) with Tallyfy using SAML-based Single Sign-On. Your users authenticate with their Google credentials - no separate Tallyfy passwords needed.

Coordination required

SSO setup requires exchanging configuration details between your organization and Tallyfy. You can’t complete this alone. Submit a support ticket to get started.

Requirements

• Google Workspace admin account with super-administrator privileges
• Tallyfy Pro or Enterprise plan
• SAML configuration values from Tallyfy Support

Phase 1 - Create a custom SAML app in Google Workspace

Step 1: Create a custom SAML application

1. Sign in to the Google Workspace Admin console ↗

2. Go to Apps > Web and mobile apps

3. Click Add App > Add custom SAML app

   

Step 2: Configure basic app settings

1. Enter “Tallyfy” as the application name
2. Optionally upload the Tallyfy logo
3. Click Continue

Step 3: Collect Google Identity Provider details

1. On the Google Identity Provider details page, copy the SSO URL (Single Sign-On URL).

2. Copy the Entity ID (Issuer).

3. Download the Certificate file.

   

Step 4: Configure Service Provider details

1. Enter the Tallyfy ACS URL (Assertion Consumer Service URL) provided by Tallyfy Support.

2. Enter the Tallyfy Entity ID (Service Provider Entity ID) provided by Tallyfy Support.

3. Leave the Start URL field empty.

   

Step 5: Configure attribute mapping

Map these user attributes exactly as shown:

Google Directory Attribute	App Attribute
Primary Email	email
First Name	FirstName
Last Name	LastName

Click Finish. That’s it for the Google side.

Step 6: Enable user access

1. In the application settings, go to User Access

2. Set Service status to ON for everyone (or pick specific organizational units)

   

Phase 2 - Send your SAML details to Tallyfy

1. Send the collected SSO URL to Tallyfy Support.
2. Send the collected Entity ID to Tallyfy Support.
3. Send the downloaded Certificate file to Tallyfy Support.

Phase 3 - Complete the integration in Tallyfy

Step 1: Configure SAML settings in Tallyfy

1. Once Tallyfy Support processes your information, go to your organization settings

2. Find the SAML configuration section

3. Enter the configuration details Tallyfy Support provides

   

Step 2: Enable SAML authentication

1. Toggle the SAML activation switch to turn on SSO for your organization

   

User provisioning and access

After you finish the integration:

1. Share the Tallyfy login URL with your users (you’ll find it in the SAML configuration modal).

   

2. Confirm users who need access have been granted access to the SAML app in Google Workspace.

3. Existing Tallyfy users sign in through the shared SSO URL - no separate passwords required.

4. New users are automatically provisioned in Tallyfy on their first SSO login.

How the authentication flow works

Here’s the full SAML authentication flow after configuration is done.

Key points:

• Automatic provisioning - New users are created on first login (step 9a). No manual account setup needed.
• Attribute mapping - The email, FirstName, and LastName attributes from step 7 control how accounts are created and matched.
• Single authentication point - Users only authenticate with Google (steps 4-5), never entering Tallyfy passwords.

Troubleshooting

Running into authentication problems? Check these:

• Has the user been granted access to the SAML app in Google Workspace?
• Are the attribute mappings correct? Double-check the table above - case matters.
• Is the user accessing Tallyfy through the right SSO URL?
• Still stuck? Contact Tallyfy Support.

Related articles

Authentication > Integrate OneLogin SSO

Tallyfy integrates with OneLogin through SAML-based Single Sign-On by having an admin create a custom SAML connector in OneLogin and exchange configuration values like ACS URLs and X.509 certificates with Tallyfy Support so that team members can authenticate through a special SSO login URL with automatic provisioning for new users on first access.

Authentication > Integrate Okta SSO

Tallyfy integrates with Okta through SAML 2.0 SSO by creating an Okta SAML app and exchanging configuration details with Tallyfy Support so users can authenticate automatically and get accounts provisioned on first login in about 30 minutes.

Integrations > Authentication and SSO

Tallyfy offers free SSO on all paid plans with support for Microsoft Entra ID and Google Workspace and Okta and OneLogin and JumpCloud and any SAML 2.0 provider — letting teams log in with existing corporate credentials while also enabling SSO-based approval audit trails that can replace costly e-signature tools for internal use cases like purchase orders and policy acknowledgments.

Authentication > Integrate JumpCloud SSO

Tallyfy integrates with JumpCloud through SAML-based SSO by creating a custom SAML app in JumpCloud and exchanging identity provider metadata and service provider configuration with Tallyfy Support to enable automatic login and just-in-time user account creation for assigned users.

Was this helpful?

YesNo