Settings
Set up Single Sign-On (SSO) with Google
Step-by-step guide to configure Google Workspace SAML 2.0 Single Sign-On (SSO) for Maxim.
Enable enterprise-grade Single Sign-On with Google Workspace (SAML 2.0) to centralize authentication, improve security, and streamline access to Maxim.
Overview
This guide walks you through configuring Google as the Identity Provider (IdP) for Maxim using SAML 2.0. You will:- Create a custom SAML app in Google Admin Console
- Download IdP metadata
- Configure service provider details (ACS URL, Entity ID)
- Map user attributes
- Enable user access
- Upload metadata to Maxim and test SSO
Prerequisites
- Google Workspace Super Admin access
- Maxim AI admin access
- SAML-based Single Sign-On (SSO) enabled for your plan. Check plans for more details.
Step-by-step setup
1
Create a custom SAML app in Google
- In Google Admin Console, go to Apps → Web and mobile apps
- Click “Add app” → “Add custom SAML app”
2
Application details
Enter an app name (e.g., “Maxim AI”), optionally upload an icon and click “Continue”
3
Download IdP metadata
On the Google IdP details screen:
- Click “DOWNLOAD METADATA” to get the IdP metadata XML and click “Continue”
4
Configure service provider details
- Single sign-on URL (ACS URL):
https://app.getmaxim.ai/api/oauth/saml - Audience URI (Entity ID):
www.getmaxim.ai
5
Attribute mapping
Under the Attributes section, add the following mappings:
- email → Primary email
- firstName → First name
- lastName → Last name
6
Enable user access
From the app’s “User access” section:
- Turn the app ON for everyone, or
- Turn ON for selected Organizational Units (OUs) / Groups as needed
7
Complete the setup in Maxim
- Log in to Maxim AI, go to Settings → Single sign-on, and click “Add identity provider”
- Enter your email address domain as the tenant identifier
- Enter “Google” as the name for the identity provider
- Paste the IdP metadata XML and click “Add provider”
