Google Workspace SAML Setup

Create a new SAML configuration in Kasm

  1. Log into the Kasm UI as an administrator.

  2. Select Access Management -> Authentication -> SAML -> Add Configuration.

  3. The SAML 2.0 Configuration page will auto-generate the Entity ID, Single Sign On Service, Single Logout Server, and Relay State values.

  4. Check Enable, enter the Hostname of the Kasm Workspaces URL, and enter a Display Name (e.g. Login with Google).

  5. Update the following Settings:



     Group Member Attribute
     NameID Attribute
     Want Attribute Statement
     Want Assertions Signed
     Want Messages Signed
     Want Name ID
     Signature Algorithm
     Digest Algorithm


  6. Leave this page open and continue to the next steps.

Add a new application in Google Workspace

  1. Open the Google Admin Console, expand Apps, then select Web and mobile apps.


Portal Navigation

  2. Select Add app, then click Add custom SAML app.



  3. Enter an App name (e.g. Kasm Workspaces), then select Continue.


Add Applications

  4. Copy the Google IdP entries to the Identity Provider section of the Kasm SAML Configurations started in the previous section. Then click Continue.

Kasm Property Name | Google Workspace Property Name
Entity ID | Entity ID
Single Sign On Service |
X509 Certificate |



Google IdP Information

  5. Copy the Kasm SAML configurations from the Service Provider section into the Service Provider Details section.

Kasm Property Name | Google Workspace Property Name
Entity ID | Entity ID
Single Sign On Service |
https://<server-url>/#/staticlogin e.g | Start URL


Service Provider Details

  6. Ensure the following settings are configured in the Google Workspace Service Provider Details. Select Continue.



Signed Response |
Name ID | Basic Information / Primary Email
Name ID Format |


  7. If desired, select Google groups to pass to Kasm in the SAML assertion. Ensure the App attribute is set to groups to match the Group Membership Attribute previously configured in the Kasm SAML settings. In this example, a previously created security group KasmAdmins is selected. When complete, select Finish.


Group Membership mapping

  8. Review the final Kasm SAML Configuration form. Click Submit to save.


Google SAML Config

Enabling Access for Users

Once the Kasm SAML app is configured, access must be granted to Google users.

  1. From the Google Admin Console, expand Apps, select Web and mobile apps, then select Kasm Workspaces.

  2. Click User Access.


Edit Service

  3. Select ON for everyone or for the desired Organizational Units or Groups, then click Save.


Giving App Access

Group Mappings

In the previous steps, Google Workspace was configured to pass the KasmAdmins security group in the SAML assertion. The following example demonstrates how to associate the Google group with a Kasm group.

  1. Log into the Kasm UI as an administrator.

  2. Select Access Management -> Groups then select Edit next to the Administrators Group.

  3. In the SSO Group Mappings section, select Add SSO Mapping.

  4. Select SAML-Login with Google in the SSO Provider section.

  5. Enter KasmAdmins in the Group Attribute section.


SSO Group Mapping

Testing Access

  1. Log out of the Kasm UI if already logged in.

  2. Navigate to the Kasm UI login page.


Kasm Login

  3. Click Login with Google to initiate the SAML SSO process.


Google Login

  4. After logging in, you should be redirected to the Kasm UI Dashboard. If the user was a member of the KasmAdmins Google group, they should now be a member of the Administrators group within Kasm.

  5. From another browser, log in to Google. Click the Google Apps icon in the top right corner. Scroll down and click Kasm. You should be logged into the Kasm UI Dashboard.


Kasm App in Google Apps
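
If a test login succeeds but the user does not land in the Administrators group, or Kasm rejects the response, it helps to look at what the SAML response actually contains. The following is an added example, not part of the Kasm documentation or product code: a Python helper that decodes a base64 SAMLResponse value (as posted to the Single Sign On Service URL, already URL-decoded) and reports which elements carry a signature, the NameID, and the values of the groups attribute, for comparison with the Want Assertions Signed, Want Messages Signed, NameID Attribute and Group Member Attribute settings. The function name and the sample response are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def inspect_saml_response(b64_response, group_attr="groups"):
    """Report the fields the Kasm SAML settings depend on.
    Structural check only: signatures are located, not verified."""
    raw = base64.b64decode(b64_response)
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTD/entity declarations are not expected in SAML")
    root = ET.fromstring(raw)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no unencrypted saml:Assertion found")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    groups = [v.text
              for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)
              if a.get("Name") == group_attr
              for v in a.findall("saml:AttributeValue", NS)]
    return {
        "response_signed": root.find("ds:Signature", NS) is not None,
        "assertion_signed": assertion.find("ds:Signature", NS) is not None,
        "name_id": None if name_id is None else name_id.text,
        "name_id_format": None if name_id is None else name_id.get("Format"),
        "groups": groups,
    }

# Constructed sample response (not captured from a real IdP); the empty
# ds:Signature element is a placeholder standing in for a real signature.
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
    ' xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"'
    ' xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
    '<saml:Assertion><ds:Signature/><saml:Subject>'
    '<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">'
    'alice@example.com</saml:NameID></saml:Subject>'
    '<saml:AttributeStatement><saml:Attribute Name="groups">'
    '<saml:AttributeValue>KasmAdmins</saml:AttributeValue>'
    '</saml:Attribute></saml:AttributeStatement>'
    '</saml:Assertion></samlp:Response>'
)
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

if __name__ == "__main__":
    print(inspect_saml_response(SAMPLE_B64))
```

An empty groups list means the IdP sent no attribute with the name Kasm is configured to read, so the SSO Group Mapping for KasmAdmins has nothing to match.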