Read supports several options for configuring single sign-on (SSO) using SAML, available only to Enterprise+ subscribers. This page explains the step-by-step process for setting up SAML authentication with Google Workspace. See How to: Setup SAML Authentication with Read AI for a list of other supported SAML providers.
1. Request an ACS URL and Entity ID
Start by sending an email to support@read.ai with the subject "GOOGLE SAML REQUEST: <Your company name>" from the email address affiliated with your Read.ai account, asking for the ACS URL for your workspace. We will reply with the following information:
- Entity ID: https://api.read.ai
- ACS URL: https://api.read.ai/saml/acs?cid={YOUR_CID}
2. Set up your SAML Application
a) Send your SSO URL, Entity ID, and Certificate to support@read.ai.
As you set up your SAML application, you should see your identity provider's SSO URL, Entity ID, and Certificate. Please send these values to support@read.ai.
See below for how this looks with a Google Workspace Identity Provider SAML app. You may provide the IdP metadata as an .xml file if you prefer.
b) Set the Name ID to Primary Email
The Name ID should be set to the primary email. In Google Workspace, for example:
- "EMAIL" format with a value of "Basic Information > Primary Email".
c) Set the First and Last Name Attributes
Our SAML configuration expects access to first_name and last_name attributes. See below for how this works with a Google Workspace setup:
- "Basic Information > First Name" with a mapping to "first_name" (no quotes)
- "Basic Information > Last Name" with a mapping to "last_name" (no quotes)
3. Read Support will confirm that the SAML config has been set for your workspace
Read will finalize your workspace's SAML configuration and confirm via email. Once confirmation has been received, you will be able to exercise the SAML SSO flow. Google Workspace has a "Test Login" button that will allow you to log in to read.ai and confirm everything is working.
4. [Optional] Have Read disable other login methods
As an optional final step, if you would like to restrict your users to only logging in via SAML, please let us know at support@read.ai and we will configure this for your workspace. If this is enabled, users who try to log in to Read normally will be automatically redirected to your SAML login flow.