This guide will take you through the steps for configuring G Suite as the SAML IDP for HyperComply, allowing your users to authenticate to HyperComply through G Suite instead of the usual email/password combination.
- First we’ll log into HyperComply and copy a value we’ll need for G Suite configuration.
- Next we’ll create the HyperComply G Suite “Application” and configure it for HyperComply SAML, copying some values back into HyperComply so both parties can trust each other.
HyperComply Configuration
- Navigate to https://app.hypercomply.com/settings/saml_config
- Copy the value of the “SAML ACS Endpoint” at the bottom of the screen.
- Keep this tab open and complete the steps below. You will need to enter some values from G Suite on this screen at the end of this process.
G Suite Application Creation
- Log in to your G Suite Admin Portal.
- Navigate to application settings: https://admin.google.com/ac/apps/unified
- Click ‘Add App’ and then ‘Add custom SAML app’.
- Name the new application according to your normal naming convention (‘HyperComply’ works great).
- Click “Continue”.
- Under “Option 2: Copy the SSO URL, entity ID, and certificate” you’ll find the values you need to enter into the HyperComply SAML Settings (https://app.hypercomply.com/settings/saml_config).
Copy the following values into the HyperComply settings:
| G Suite Value | HyperComply Setting |
| --- | --- |
| SSO URL | IDP Endpoint URL |
| Entity ID | IDP Entity ID |
| Certificate | IDP Certificate |
Once these values have been copied into HyperComply, make sure the “Enable SAML” checkbox at the top of the page is checked and click “Save”.
Once all values have been copied into the HyperComply settings, click “Continue” in G Suite.
- On the “Service provider details” page in G Suite:
  - Copy the “SAML ACS Endpoint” value from HyperComply into the “ACS URL” and “Entity ID” fields in G Suite
  - Under the “Name ID format” field in G Suite, select “EMAIL”
  - Leave the “Name ID” field in G Suite as “Basic Information > Primary email”
- Click “Continue” in G Suite
- Under the “Attributes” section in G Suite:
  - Click “ADD MAPPING”
  - Under the “Basic Information” field select “First name”
  - Under the “App attributes” field enter “firstName”
  - Click “ADD MAPPING”
  - Under the “Basic Information” field select “Last name”
  - Under the “App attributes” field enter “lastName”
  - Click “ADD MAPPING”
  - Under the “Basic Information” field select “Primary email”
  - Under the “App attributes” field enter “email”
- Click “FINISH”
- You will be redirected to the App settings page in G Suite
- Make sure you are logged out of HyperComply
- Click “TEST SAML LOGIN”
- If prompted to allow access:
  - Click “ALLOW ACCESS”
  - Select “ON for everyone”
  - Click the application name in the top menubar to return to the main settings page
  - Click “TEST SAML LOGIN” again
- Known Quirk: If you receive the error “403: not_a_saml_app” from G Suite, you will need to log out of your Google account and log back in to clear a cache Google holds on its end. Upon logging back in, you should stop receiving this error.
At this point you have connected your G Suite SAML IDP to HyperComply, allowing users to log into HyperComply from G Suite. Any user that logs into HyperComply via G Suite will have an account created for them (if they don’t already have an account). You control which G Suite users can log into HyperComply by adding and removing Organizational Units on the SAML application through the G Suite admin portal.
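
One way to confirm the settings above after “TEST SAML LOGIN”, as an added example that is not HyperComply's or Google's code: it checks a decoded assertion for the EMAIL Name ID format, the three attribute names, and the ACS endpoint in both the recipient and the audience. The ACS URL and the sample assertion are constructed placeholders, the format URN is assumed to be what G Suite sends for “EMAIL”, and no signature is verified.

```python
import xml.etree.ElementTree as ET  # stdlib parser: use only on assertions you captured yourself
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumption: the URN G Suite sends when "Name ID format" is set to EMAIL.
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
REQUIRED_ATTRS = ("firstName", "lastName", "email")  # app attribute names from this guide

def check_assertion(xml_text, acs_url):
    """List mismatches between a decoded assertion and this guide's settings.
    Checks the mapping only; it does not verify the XML signature."""
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None:
        problems.append("NameID missing")
    elif name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID format is not EMAIL")
    conf = root.find(".//saml:SubjectConfirmationData", NS)
    if conf is None or conf.get("Recipient") != acs_url:
        problems.append("Recipient does not match ACS URL")
    # The guide puts the ACS endpoint in the Entity ID field too, so Audience must equal it.
    if acs_url not in [a.text for a in root.iterfind(".//saml:Audience", NS)]:
        problems.append("Audience does not match Entity ID")
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        attrs[attr.get("Name")] = (value.text or "").strip() if value is not None else ""
    for name in REQUIRED_ATTRS:  # names are case-sensitive
        if not attrs.get(name):
            problems.append(f"attribute {name} missing or empty")
    if name_id is not None and attrs.get("email") and name_id.text != attrs["email"]:
        problems.append("NameID and email attribute differ")
    return problems

def sample_assertion(acs_url, first_name_attr="firstName"):
    """Constructed sample shaped like an assertion decoded from a test login."""
    attrs = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}</saml:AttributeValue></saml:Attribute>'
        for n, v in ((first_name_attr, "Ada"), ("lastName", "Example"), ("email", "ada@example.com")))
    return (
        f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:Subject>'
        f'<saml:NameID Format="{EMAIL_FORMAT}">ada@example.com</saml:NameID>'
        f'<saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{acs_url}"/>'
        f'</saml:SubjectConfirmation></saml:Subject><saml:Conditions><saml:AudienceRestriction>'
        f'<saml:Audience>{acs_url}</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
        f'<saml:AttributeStatement>{attrs}</saml:AttributeStatement></saml:Assertion>')

if __name__ == "__main__":
    ACS = "https://sp.example/saml/acs"  # placeholder for your "SAML ACS Endpoint" value
    print(check_assertion(sample_assertion(ACS, first_name_attr="FirstName"), ACS))
```

An empty list means the assertion matches the mappings in this guide; a mis-cased attribute name such as “FirstName” is reported as missing.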