15Five cloud application

You must be signed in as a super administrator for this task.

With Security Assertion Markup Language (SAML), your users can sign in to enterprise cloud applications with their Google Cloud credentials.

Set up SSO via SAML for 15Five

Before configuring SSO for 15Five, you need a 15Five domain. For example, the domain name for your account could be your_domain in https://{your_domain}.15five.com/. This is provided after registration.

Step 1: Set up Google as a SAML identity provider (IdP)
  1. Sign in to your Google Admin console.

    Sign in using an account with super administrator privileges (does not end in @gmail.com).

  2. From the Admin console Home page, go to Appsand thenWeb and mobile apps.
  3. Click Add appand thenSearch for apps.
  4. Enter 15Five in the search field.
  5. In the search results, hover over the 15Five SAML app and click Select.
  6. On the Google Identity Provider details page:
    • Copy and save the SSO URL.
    • Download the Certificate.
    • Download the IdP Metadata.
  7. Click Continue.

    On the Service provider details page, the ACS URL and Entity ID fields are automatically populated.

  8. Replace the occurrences of {your-domain} placeholder in these fields with your 15Five domain. For example, ACS URL (https://{your-domain}.15five.com/access/saml/consume) and Entity ID (https://{your-domain}.15five.com). 
  9. The default Name ID is the primary email.
  10. Leave the Name ID Format as Email.
  11. Click Continue.

    Note: Attribute mapping is not required for 15Five.

  12. On the Attribute mapping page, click Finish.
Step 2: Set up 15Five as a SAML 2.0 service provider (SP)
  1. Open a new incognito browser window.
  2. Sign in to the 15Five application with your organization's administrator account.
  3. Click Company Settings.

  4. Click Single Sign-On.

  5. Click Getting Started and enter the subdomain name for your organization.

  6. Click XML Setup and paste the IdP Metadata downloaded in step 1.

  7. On the Detail Setup page:
    • In the IdP Identity ID field, paste the Entity ID.
    • In the IdP Single Sign-On Service URL field, paste the SSO URL.
    • From the IdP Single Sign-On Service Binding list, select HTTP-Redirect.
    • Leave the Metadata URL field blank.
    • In the User Attributes fields, enter NameID Content as the email and attribute name as the mail.
  8. Click Save.

Step 3: Enable the 15Five app
  1. Sign in to your Google Admin console.

    Sign in using an account with super administrator privileges (does not end in @gmail.com).

  2. From the Admin console Home page, go to Appsand thenWeb and mobile apps.
  3. Select 15Five.
  4. Click User access.
  5. To turn on or off a service for everyone in your organization, click On for everyone or Off for everyone, and then click Save.

  6. (Optional) To turn a service on or off for an organizational unit:

    1. At the left, select the organizational unit.
    2. Select On or Off.
    3. Click Override to keep your setting if the service for the parent organizational unit is changed.
    4. If Overridden is already set for the organizational unit, choose an option:
      • Inherit—Reverts to the same setting as its parent.
      • Save—Saves your new setting (even if the parent setting changes).

    Learn more about organizational structure.

  7. (Optional) Turn on the service for a group of users.
    Use access groups to turn on a service for specific users within or across your organizational units. Learn more

  8. Ensure that your 15Five user account email IDs match those in your Google domain.
Step 4: Verify that SSO is working

15Five supports both Identity Provider (IdP) initiated and Service Provider (SP) initiated SSO. Follow these steps to verify SSO in either mode:

IdP-initiated

  1. Sign in to your Google Admin console.

    Sign in using an account with super administrator privileges (does not end in @gmail.com).

  2. From the Admin console Home page, go to Appsand thenWeb and mobile apps.
  3. Select 15Five.
  4. At the top left, click Test SAML login

    15Five should open in a separate tab. If it doesn’t, use the information in the resulting SAML error messages to update your IdP and SP settings as needed, then retest SAML login.

SP-initiated

  1. Close all browser windows.
  2. Open https://{your-domain}.15five.com. You should be redirected to the Google sign-in page.
  3. Enter your user name and password.

    After your user name and password are authenticated, you're redirected back to 15Five.

Step 5: Set up auto-provisioning

Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.
Was this helpful?
How can we improve it?

Need more help?

Sign in for additional support options to quickly solve your issue