You can use single sign-on in Timetastic using G Suite (now known as Google Workspace) as your identity provider.
Note: auto-provisioning is not supported by Timetastic.
Step 1. Google setup
Start by logging into your Google Admin Console. A Timeastic SAML app is not yet available via the Google marketplace, so you will need to create your own by choosing 'Setup my own custom app'.
Google will display the details you need to enter into Timetastic: SSO URL, Entity ID, and will allow you to download the Certificate (as a file with a .pem extension).
Make a note of these things, and download the certificate (.pem file), so that you can set up Timetastic later.
You can then supply a name, description and logo for the app to help your users identify it within G Suite.
Finally, you'll need some details from Timetastic to complete the set up process:
- Navigate to SETTINGS > Security
- Click 'How to configure your Identity Provider' and copy the following values:
- Assertion Consumer Service URL - this is used to populate the 'ACS URL' field in Google.
- Entity ID or Audience URI - this is used to populate the 'Entity ID' field in Google.
- Leave 'Signed Response' unticked, as Timetastic doesn't currently support validating signed responses.
- Ensure that 'Primary Email' is selected for 'Name ID', assuming this value will match the email address of the relevant user in Timetastic.
- No mappings are required or supported at this time. Click the 'Finish' button to complete setup.
Granting user access
By default, the ability to sign in to Timetastic via Google will be disabled for your users:
You can click the drop down arrow (highlighted in the above image) to grant access to your users, as appropriate.
Once you've completed the Google steps, you need to set up Timetastic via SETTINGS > Security.
The values you need are the ones you made a note of earlier: SSO URL, Entity ID and the Certificate.
- Click the 'Set up SAML single-sign on' button to enter details of your Azure SAML configuration.
- For 'SAML SSO URL', paste the 'SSO URL' value that you made a note of during Google set up.
- For 'Issuer entity ID', paste the 'Entity ID' value that you made a note of during Google set up.
- For 'Public certificate', open the .pem file that you downloaded earlier in a text editor and you should see the certificate value enclosed within "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----". Copy the whole text, including those enclosing values, and paste into the 'Public certificate' field.
The remaining options within Timetastic are optional, but it is not recommended to make SSO mandatory for everyone until you've had chance to test that it works as expected.
Click 'Save Changes' to activate SSO for your organisation. You can either log out and back in again to test, or use a separate browser or incognito window.