Google Workspace - SAML Tutorial
- Log in to the Knock Admin Dashboard as an admin. https://dashboard.knock-ai.com/settings/administration/security/sso-provider
- In a new tab, open the Google Admin Console: https://admin.google.com (admin account required).
- In Google Admin, go to Apps → Web and mobile apps.
- Click Add app → Add custom SAML app.
Create the Google Workspace SAML app (Google)
- In App details:
- App name: Knock AI
- Upload the Knock AI logo (download it from the Knock SSO setup page).
- In Google Identity Provider details, download the IdP metadata file (XML).
- Back in the Knock SSO setup page, upload that IdP metadata XML into the Metadata field, then click Next.
Configure the service provider details (Google, using values from Knock)
- In Google Admin, continue to Service provider details.
- Copy these values from the Knock SSO setup page and paste them into the matching Google fields:
- Knock ACS URL → Google ACS URL
- Knock Entity ID → Google Entity ID
- In Google Admin, set:
- Name ID format: EMAIL
- Name ID: Basic Information → Primary email
- Click Continue.
Finish setup + test (Google + Knock)
- In Google Admin, for SAML attribute mapping, you can click Continue (unless you have custom attributes to map).
- After the app is created, under User access, click View details and choose which users / groups can access Knock AI.
- In Knock, click Test Connection.
- Once the test succeeds, choose whether SSO is Required or Optional, then Activate the SSO integration.
✅ Done — Google Workspace SAML is now connected. Users can sign in using SSO (and email sign-in if you set SSO to Optional).