Configure SAML-based single sign-on (SSO) with G Suite

Who can use this feature?

☞ Only team owners and admins can configure single sign-on (SSO)

☆ Available on the standard and premium plan.

Step 1: Prepare the configuration

  1. Log in to Nuclino.

  2. Click the menu button in the top left corner to open the main menu.

  3. Click on your team name and select Team settings.

  4. Go to the Authentication section and choose SAML-based single sign-on (SSO).

  5. Note the ACS URL and Entity ID.

Step 2: Set up G Suite for Nuclino

  1. Make sure you are a G Suite super administrator for this task.

  2. Go to the Google Admin console (at https://admin.google.com).

  3. Go to SAML Apps.

  4. Click Enable SSO for a SAML Application.

  5. Choose Set up my own custom app from the dialog.

    sso_google_1
  6. Note the SSO URL, Entity ID, and download the certificate. You'll later need to enter the SSO URL, Entity ID, and the content of the certificate file in your Nuclino team settings.

    sso_google_2
  7. Enter Nuclino or something similar as the Application Name.

    sso_google_3
  8. Fill out the form:

    1. ACS URL: Enter your ACS URL from Step 1

    2. Entity ID: Enter your Entity ID from Step 1

    3. Check Signed response.

    4. Name ID: Basic Information, Primary Email

    5. Name ID Format: EMAIL

      sso_google_4
  9. Create the following mappings:

    • first_name: Basic Information, First Name

    • last_name: Basic Information, Last Name

      sso_google_5
      sso_google_6
  10. Enable the new SAML App by setting it to ON for everyone.

    sso_google_7

Step 3: Integrate Nuclino with your identity provider

  1. Log in to Nuclino.

  2. Click the menu button in the top left corner to open the main menu.

  3. Click on your team name and select Team settings.

  4. Go to the Authentication section and choose SAML-based single sign-on (SSO)

  5. Enter the following information

    1. SSO URL: Enter the SSO URL you've noted in Step 2

    2. Entity ID: Enter the Entity ID you've noted in Step 2

    3. Certificate data: Open the certificate you downloaded in Step 2 in a text editor and copy/paste the content into this field.

  6. Click Save changes.

  7. Optional: Enforce single sign-on (SSO)

After you have successfully set up SSO

Your team can now sign up and log in via your team URL that you can find in your team settings in the section authentication.

  • People who already have a Nuclino account with the same email address as their SSO account can choose to link this account. Afterwards, they can log in using their existing Nuclino account or use SSO instead.

  • For people who don't have a Nuclino account yet, a new account is provisioned when they log in for the first time using your team URL. They can only log in using SSO as long as they don't generate a separate password using Nuclino's reset password functionality.

Users who have already set up SSO for their Nuclino account can also go to the normal login (https://app.nuclino.com/login) and select Log in via single sign-on (SSO).

Questions?

If you have any questions or need help to set up SSO for Nuclino, please contact us.