> ## Documentation Index > Fetch the complete documentation index at: https://docs.blinkops.com/llms.txt > Use this file to discover all available pages before exploring further. # Configuring a SAML application on Google Workspace > Instructions on how to configure a SAML SSO application with Google Workspace. Log in to Google Admin account, press "Apps" on left sidebar, and under it "Web and mobile apps", then press in main window "Add app" and choose "Add custom SAML app":

In "Add custom SAML app", give App name, and press continue:

In the IdP page, click on the 'download metadata' button.

Once the file is downloaded, navigate to the Metadata File section found within the SAML tab in the Account Management Settings. Paste the **downloaded metadata** values into the designated text field labeled Metadata File.

**NOTE** Please note that the Identifier (Entity ID) value, along with the Single Sign-On URL, can be located within the SAML tab under the Account Management Settings section within the Blink Platform. The **ACS URL** is not available under the SAML tab, therefore you can find it below: **The Entity ID** : `urn:amazon:cognito:sp:eu-west-1_NEemCMO1L`\ **The ACS URL** : `https://cognito.blinkops.com/saml2/idpresponse`\ **Single Sign-On URL** : Please look in the Account Management Settings section within the Blink Platform to find your unique **Single Sign-On URL**.

Using the **ACS URL**, as well as the **Identifier (Entity ID)** value and the **Single Sign-On URL** available in the SAML tab under the Account Management Settings section within the Blink Platform, proceed to copy and insert these values into the designated text fields below. **Note**: Paste the **Single Sign-On URL value** in the **START URL** text field.

Press continue In the **Attribute mapping** page, map **"First name"** to **"given\_name"**, **Last name** to **family\_name**, and **"Primary email"** to **"email"**.

Next, scroll to the **Group Membership** section, select your **Google Groups**, and set the App attribute value as **group** and click 'FINISH'. Then head to the SAML tab under the Account Management Settings section within the Blink Platform and click the **Role Mapping** section and select the applicable values.

When a user belongs to multiple Google groups, Blink resolves role assignment in SAML SSO using a **top-down priority order** based on the `Group:Role` mapping table. The first matching group in the list determines the assigned role. **IMPORTANT** Please note that in the **Mapping** section, at least one mapping role must be designated as an **admin** with administrative privileges. Additionally, the user configuring the group must be a part of the group mapped to the **Admin** role. Otherwise you won't be able to operate as an administrator in your account or access and edit the role mapping again.

After you finish SAML app creation, you can set up User access by changing the status to **ON** for all organizational units: