To use SAML 2.0 Authentication with Google Apps, add a new Google SAML Application. Then go to Service Provider Details:


  • ACS URL must be set to the Assertion Consumer Service URL of your Team, which can be found on https://stackoverflow.com/c/yourteam/admin/auth-settings, on the right sidebar

  • Entity ID is something you can make up. The URI doesn't need to exist, but it *must* be copy-pasted into your Team auth settings, as the Issuer

  • Start URL is not needed

Now go to Add New Mapping. You must have at least one parameter for the user display name and one for the user email. These are the custom parameters we have configured for this example:

We must now setup our Team for using this Google SAML app. Open the Team Auth Settings page on a separate tab: https://stackoverflow.com/c/yourteam/admin/auth-settings

You'll need to fill the following fields according to what you got on your Google App:


  • Single Sign-On Service Url: that's the SSO URL seen above

  • Single Sign-On Service Protocol Binding: do not change, leave as POST

  • Issuer and Audience Restriction: that's the Ent ID seen above

  • Display Name Assertion: should match the attribute, on the Attribute Mapping tab, for the user display name

  • Email Address Assertion: should match the attribute, on the Attribute Mapping tab, for the user email

  • Leave all checkboxes unchecked

  • Identity Provider Certificates: copy and paste the certificate for your Google SAML setup. This can be found by downloading the Certificate



This is how you should setup your Team for the settings above: