Here is a step-by-step guide on how to setup Sana as a SAML 2.0 application in Google Workspace.
SSO configuration with Salesforce
⚠️ In order to follow the steps below, you must be logged in as a Salesforce administrator.
From the setup, in the quick find box, type Identity Provider and select it
Click enable Identity Provider and save the changes
Connected app for SSO SAML 2.0
In the quick find box, search and select App Manager
Create a new connected app and fill in the details for app name and contact email
Enable the SAML option under the Web App Settings
Enter your Sana SP metadata and replace the <domain> with your actual Sana domain
Entity ID - https://<domain>.sana.ai/x-realtime/auth/saml/metadata
ACS URL - https://<domain>.sana.ai/x-realtime/auth/saml/acs
Select SHA256 in the Signing Algorithm for SAML Messages option.
The Subject Type should be the email of the user.
Click save at the bottom of the page.
Configuring and mapping the attributes
Scroll down to the bottom of the app overview till you find Custom Attributes.
Sana requires three attributes, which are the following (following the exact casing):
firstName
lastName
emailOnce you have clicked "New", a dialog box should appear which will allow you to map the Salesforce field this attribute will use. Then click save.
Important note: You won't be able to add email as a custom attribute as it is a reserved attribute already in Salesforce, this means it'll automatically be added in the SAML assertion.
Providing your IdP Metadata
In the quick find box, search for App Manager and click manage to the Sana SSO app you've created.
Note down the Issuer under the SAML Service Provider Settings section.
Note down the SP-Initiated Redirect Endpoint URL under the SAML login information section.
Click on the IdP certificate, and select download certificate.
Once you have all of the required information, kindly send the following to your Sana Integrations/ImplementaItions Specialist:
Issuer
SP-Initiated Redirect Endpoint URL
IdP Certificate