To use SAML 2.0 Authentication with Google Apps, add a new Google SAML Application. Then go to Service Provider Details:
ACS URL must be set to the Assertion Consumer Service URL of your Team, which can be found on https://stackoverflow.com/c/yourteam/admin/auth-settings, on the right sidebar
Entity ID is something you can make up. The URI doesn't need to exist, but it *must* be copy-pasted into your Team auth settings, as the Issuer
Start URL is not needed
Now go to Add New Mapping. You must have at least one parameter for the user display name and one for the user email. These are the custom parameters we have configured for this example:
We must now setup our Team for using this Google SAML app. Open the Team Auth Settings page on a separate tab: https://stackoverflow.com/c/yourteam/admin/auth-settings
You'll need to fill the following fields according to what you got on your Google App:
Single Sign-On Service Url: that's the SSO URL seen above
Single Sign-On Service Protocol Binding: do not change, leave as POST
Issuer and Audience Restriction: that's the Ent ID seen above
Display Name Assertion: should match the attribute, on the Attribute Mapping tab, for the user display name
Email Address Assertion: should match the attribute, on the Attribute Mapping tab, for the user email
Leave all checkboxes unchecked
Identity Provider Certificates: copy and paste the certificate for your Google SAML setup. This can be found by downloading the Certificate
This is how you should setup your Team for the settings above: