This guide walks your Google Workspace Super Admin through creating a custom SAML application and mapping the required user attributes. Once complete, send the Identity Provider details to Human Focus and our team will activate SSO for your account. For assistance contact support@humanfocus.co.uk.
Single Sign ON (SSO) Set-up for Google Workspace
Please follow the steps below to configure SAML-based Single Sign-On (SSO) between Google Workspace and the Human Focus e-Learning system.
1. Sign in to Google Admin Console and navigate to Web and mobile apps
Sign in to your Google Workspace Admin Console at admin.google.com using your Super Admin account. From the left-hand menu click Apps, then select Web and mobile apps.
2. Click “+ Add app” and select “Add custom SAML app”
Click the + Add app button at the top of the Web and mobile apps page. A dropdown will appear — select Add custom SAML app.
3. Name your application and click “Continue”
On the App details page, enter a recognisable name — for example “Human Focus e-Learning”. Optionally upload the Human Focus logo. This name will appear in the Google Apps launcher for your users. Click Continue.
4. Download the Google Identity Provider (IdP) details
Google will display its Identity Provider details. You must collect the following and send to Human Focus later:
Option A — Click Download Metadata to download an XML file containing all IdP details (easiest option).
Option B — Note the SSO URL and Entity ID individually, and click Download Certificate to save the X.509 certificate.
Important: Save the certificate file and note the SSO URL and Entity ID. You will email these to Human Focus to complete the setup.
5. Enter the Service Provider (SP) details
On the Service provider details screen, enter the following values exactly as shown. Set Name ID format to EMAIL and Name ID to Basic Information > Primary email. Ensure Signed response is checked. Click Continue.
ACS URL (Assertion Consumer Service URL)
https://www.humanfocus.org.uk/CBTbyB/SAML/AssertionConsumerService.aspx
Entity ID
https://www.humanfocus.org.uk/
Important: The ACS URL and Entity ID must be entered exactly as shown above — even a trailing slash difference can cause authentication failures.
6. Configure Attribute Mapping
On the Attribute mapping screen, click Add mapping and configure the attributes below. These allow Human Focus to receive the correct user identity and assign the appropriate role upon sign-in.
| App attribute (Human Focus) | Google Directory attribute |
|---|---|
| first_name | Basic Information > First name |
| last_name | Basic Information > Last name |
| Basic Information > Primary email | |
| roles | Employee Details > Job title (or a custom attribute) |
Role Mapping: If you want to enable Role Mapping in Human Focus (to automatically assign learner or manager permissions), it is important to add the roles attribute. Please contact Human Focus to confirm the expected role values before enabling this feature.
You will see the added attributes in the Attribute mapping section. Click Finish to save the application configuration.
7. Enable the app for users in your organisation
After saving, you will be taken to the app overview page. By default the app is OFF for everyone. Click User access, select your entire organisation or specific Organisational Units, and set the status to ON. Click Save.
8. Send the IdP details to Human Focus
Under the Google Identity Provider details section (accessible from the left-hand settings panel of your new SAML app), you will find the Login URL, Entity ID, and Certificate. This data needs to be sent to Human Focus.
