
Integrate Kisi with Google SSO

info

This is a Kisi-built integration, maintained and supported by Kisi.

As a Kisi organization owner you can set up Google single sign-on (SSO) for your Kisi users. In addition to your SSO integration, you can enable authentication with password for individual users, providing flexibility as needed.

Prerequisites

  • a Kisi organization owner account
  • a valid and activated SSO license

Before setting up the integration, ensure you are logged in as the Kisi organization owner and have a valid, activated SSO license. If these prerequisites are met and the SSO & SCIM option is still not visible on the dashboard, please reach out to Kisi Support for assistance.

Set up the integration in Google

  1. Sign in to your Google Workspace Admin Console
  2. Click on Apps
  3. Choose SAML apps
  4. Click on the Add App dropdown menu and select Add custom SAML app
  5. Define an app name (e.g. Kisi SSO) and click Continue
  6. Download IDP metadata and click Continue
  7. Fill out the fields as follows:
    • ACS URL: https://api.kisi.io/saml/consume/<your-kisi-domain> (you can find your Kisi organization domain under Settings > General)
    • Entity ID: https://api.kisi.io/saml/metadata
    • Start URL: Leave empty
    • Signed Response: Check
    • Name ID Format: Persistent
    • Name ID: Basic Information - Primary Email
  8. Click Continue
  9. In the Attribute Mapping section, click Add Mapping and fill out the fields as follows:
    • Basic information: Primary email
    • App attributes: Email
  10. Click Finish
  11. In the User access section, click on the arrow to edit the Service Status
  12. Select ON for everyone and click Save
  13. Assign users to the Kisi Application

Set up the integration in Kisi

  1. Sign in to Kisi as the organization owner
  2. Navigate to Settings, click on SSO & SCIM and paste the Metadata file that you downloaded in the steps above
  3. Click Save

note

You don't need any additional encryption certificate to set up SSO on Google.

Flexible authentication: SSO or password

Kisi organizations with Single Sign-On (SSO) enabled can, if needed, also enable authentication with password for users. If enabled, the user will be able to log in with email and password. If the user is in the organization's IdP directory, an SSO login will also be available.

User removal impact on event logs

If you use a Single Sign-On (SSO) platform and an employee is removed, the logs related to that user in the Event history will continue to display the user's name, even though the user has been removed from the system.