1. Introduction
  2. Requirements
  3. Create the SSO SAML App on Google Admin Console
  4. Create a Single Sign On configuration set in ezeep
  5. Enter the correct Service Provider Details on the Google Admin Console
  6. Activate the SAML application for everyone in Google Admin Console
  7. Login as a user





SAML is today's standard when it comes to connecting the user management of a cloud service with a directory service. This document outlines how to setup SAML based login with Google accounts. After the setup you have enabled your users to authenticate in ezeep with their Google accounts and are able to print based on the rules that you set on ezeep. 


During the setup we will have to switch between the Google Administration Console and the ezeep administration portal. We highly recommend to open both portals simultaneously in separate browser windows. 


Google Admin Console 


ezeep administrator portal 



  • ezeep administrator account
  • Google G-Suite administrator account

Create the SSO SAML App on Google Admin Console


In the first step we need to create a SAML App in the Google Admin Console to connect to ezeep. 

Navigate to the SAML apps on the Google Admin Console. You find it on the Google Admin dashboard under Apps -> SAML apps or click on this link: 


Click on the + icon and pick  Setup my own custom app



screenshot: Enable SSO for SAML Application





Google will generate a custom SSO URL, an Entity ID and a certificate which we will need to enter in ezeep. Copy both URLs and download the certificate file to a secure location. 


screenshot: provide Google IdP Information


Click on next to proceed. 




On the next page you can enter some basic information for the ezeep app:



screenshot: Basic information for your Custom App 



Click on next again to get to Step 4. 



This will open the following screen to enter the Service Provider Details:


screenshot: Service Provider Details



To get this information, you need to create an ezeep Single Sign-On configuration set in the ezeep portal. Open the ezeep portal in a new browser window.

Create a Single Sign-On configuration set in ezeep


• Log in to your ezeep administrator account at 

• Click on your account (your email address / display name in our menu on the left)

• Under Single Sign-On you will find the settings that you have set up (there should be none yet) 

• Click on “Add SSO” and chose SAML 2.0

• A new popup will open with SAML settings


Our SAML settings include all basic settings that you need to set up for SAML to work properly. Enter your specific information and remember to save the settings:


screenshot: SAML settings in ezeep




Give the SSO configuration set a well suited name on the top of the popup (RENAME ME) and fill in the following fields:


Organization identifier 

This is your Organization ID which is unique across our whole solution. Each SAML setting needs one Organization ID. It will be the organization code that your users will type in as Organization ID to be automatically forwarded to your custom Google login page. 


It can also be accessed to automatically login to ezeep via Google by visiting this link:{{ YOUR_ORGANIZATION_IDENTIFIER }}  


Entity ID

The URL that Google provided you in the Google Admin Portal (Entity ID)


Identity Provider Login URL 

The Login URL that Google provided you in the Google Admin Portal (SSO URL)


Login Binding type

Choose POST-Binding


Identity Provider Logout URL

This is the URL that we redirect the user to when the user actively wants to log out of a session in our portal.


Logout binding type

Choose Redirect-Binding


Identity Provider Certificate (Base64 encoded)

Pick the certificate that you downloaded from the Google Admin Console to the secure location.




After finishing the configuration click on save to store the configuration set.


screenshot: SAML settings example for GSuite


Now that your Single Sign On configuration set is created, you can click on XML and will automatically forwarded to an XML file. Find the following line on the bottom of the XML code (should be one of the last lines of code)


With the information from the XML file we can proceed in on the Google Admin Console.


Enter the correct Service Provider Details on the Google Admin Console


Now back at the Google Admin Console on Step 4: Service Provider Details we can enter the necessary information. 



You can find the ACS (Assertion Consumer Service) URL in the ezeep configuration. For this, navigate on the ezeep portal to the Single-Sign on settings under account – Single Sign On. On this page, click on the XML link of the configuration (as described above):



screenshot: export SAML settings as XML



This will open a XML file. At the bottom of this file you will find the following line:


<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="" index="1"/>


The full URL stored in Location= is the ACS URL that needs to be entered as the ACS URL (without the quotation marks) e.g. 


Entity ID 


Signed Response 

needs to be unchecked


Name ID

Needs to be set to Primary email


Name ID Format

Needs to be EMAIL





Now your configuration will look like this


screenshot: Service Provider Details


Click on next to proceed. 


On the last step we need to create the mappings so that users can be automatically mapped to ezeep rules based on their department.  When a user knocks on our portal login door with a SAML token, we consider the token and evaluate certain attributes from it and use them accordingly. These attributes need to identify the user and the ezeep groups the user should be a member of. This way we can directly make printers accessible to users based on the groups and policies that exist in your ezeep portal. Note: We will do a string comparison from the Department value in your Google organization with ezeep group names and assign the user to the according group. If you have a “Marketing” department in Google, you will need to create a matching “Marketing” group in ezeep.


Add three mappings by clicking “Add new mapping” and enter the following information for them: 

Employee Details, Department



Basic information, First Name



Basic information, Last Name



screenshot: Attribute Mapping


Activate the SAML application for everyone in Google Admin Console




screenshot: Activate SAML app for everyone in Google Admin Console


When this is set up, the integration is set up and activated for your users in your Google Organization


Login as a user


After ezeep and the Google organization are linked via SAML, users can simply go to and click on “Sign in with Organization ID” or go directly to 


On this page users can enter the Organization identifier that was setup in the ezeep Single Sign On configuration set (In Step 2) and will be redirected automatically to your Google login page to authenticate. Alternatively you can provide a direct link in the following format:{{ YOUR_ORGANIZATION_IDENTIFIER }} 


screenshot: sign in to ezeep with SAML