This guide explains how to configure your Emburse and Google accounts to enable Single Sign-On (SSO) using Google as the Identity Provider.
Note: You must be an admin on both your Emburse and Google accounts to enable this feature.
In your Emburse dashboard, click "Company Settings" in the sidebar. Scroll down to "Security" and click "Enable Single Sign-On".
Enter the domain of your company and click "Next".
Note: only users with email addresses belonging to this domain will be able to use SSO. Before setup, at least one user with the Owner role must have an email belonging to this domain.
Once saved, the Emburse SSO setup window will display an "ACS URL" and "Entity ID" which you'll need to complete your Google App SAML configuration.
In another window, sign in to your Google Admin console.
From the Admin console Home page, go to Apps › SAML Apps. To see Apps on the Home page, you might have to click "More controls" at the bottom.
Click the plus (+) icon in the bottom corner, and select "Set up my own custom app". Under "Option 2", the Google IDP Information window provides a link to the "IDP metadata" XML file. Download this "IDP metadata" file, then click "Next".
The Google IDP Information window should now display fields for providing basic app information. For the "Application Name", we recommend using "Emburse". For the logo, please use this Emburse logo. After providing basic information, click "Next".
The Google IDP Information window should now display fields for providing "Service Provider Details".
For the "ACS URL" and the "Entity ID", please copy over the values provided within the Emburse SSO Setup window what were shown after Step 2.
For the "Name ID", please select the "Basic Information" and "Primary Email" options which are the default values.
For the "Name ID Format", please select the "EMAIL" option, then click "Next".
The Google IDP Information window should now be requesting an "Attribute Mapping". We recommend using the following values:
- "firstname" : Basic Information · First Name
- "lastname" : Basic Information · Last Name
Click "Done" to complete setup within within your Google Admin console. Be sure to enable this new SAML app for those within your organization who need access to an Emburse account.
Return to the Emburse SSO Setup window. Find the field labeled "IDP Metadata". Copy the contents of the Google "IDP metadata" file into "IdP Metadata" field of the Emburse SSO setup page, and click "Save".
Send an email to email@example.com indicating that you would like to have SSO enabled. An admin will verify the configuration and get back to you shortly.
For questions regarding Emburse, email us directly at firstname.lastname@example.org.