Configure Google SAML for Make.com

Leave a Comment / Make.com / By

Configure Google SAML for Make.com

This guide explains how to configure Google SAML single sign-on (SSO) for make.com so your users can sign in securely with their Google Workspace accounts.

Follow the steps below to complete the configuration in Google Admin and connect it to your organization in make.com.

Before you start: Requirements for make.com SAML

Before configuring Google SAML for make.com, make sure you meet these requirements:

  • Administrator access to Google Workspace Admin Console.
  • Administrator access to your organization settings in make.com.
  • All users who will authenticate via SAML must exist in your Google Workspace directory.
  • Users should have matching email addresses in Google Workspace and in make.com, or be prepared to provision them in make.com.

Plan the rollout in advance so you can control who gains access, and ensure users understand that their identity is now managed by Google SAML for your make.com organization.

Create a new SAML app for make.com in Google

The first phase is creating a custom SAML application in the Google Admin Console that will connect to make.com.

  1. Sign in to the Google Admin Console with an administrator account.

  2. Go to Apps > Web and mobile apps.

  3. Click Add app and choose Add custom SAML app.

  4. Enter an application name such as Make.com SSO. Optionally upload an icon for easier identification, then click Continue.

Download Google IdP metadata for make.com

Google provides identity provider (IdP) metadata that you will later upload or copy into your make.com organization settings.

  1. On the Google IdP Information step, locate the option to download the IdP metadata file or copy the SSO URL, Entity ID, and certificate.

  2. Save this information securely. You will need it when you configure SAML in make.com.

  3. Click Continue to proceed to the service provider details for make.com.

Configure service provider details for make.com

Next, you must define the service provider (SP) settings in Google so SAML assertions are sent correctly to make.com.

Basic SAML settings for make.com

In the Service provider details section, enter the connection information provided by make.com. Refer to the official help page at this Google SAML guide for the exact current URLs and values, as they may change over time.

The typical fields you must configure include:

  • ACS URL (Assertion Consumer Service URL) where Google sends SAML responses for make.com.
  • Entity ID (or Audience URI) that uniquely identifies the make.com service provider.
  • Name ID format, usually set to EMAIL to match user accounts.
  • Signed response or assertion options, as specified by make.com.

After filling in these fields based on the current values from the make.com documentation, click Continue.

Attribute mapping for make.com

Google SAML sends user attributes to make.com so accounts can be identified and authorized.

  1. On the Attribute mapping page, add mappings for required attributes such as:

    • Primary emailEmail
    • First nameFirstName
    • Last nameLastName

  2. Use the exact attribute names and formats defined in the make.com SAML documentation.

  3. Click Finish to create the Google SAML app for make.com.

Enable the Google SAML app for make.com users

Once the SAML app is created, you must enable it for the appropriate users or organizational units in Google.

  1. In the Google Admin Console, open the SAML app you just created (for example, Make.com SSO).

  2. Click User access or the equivalent access control section.

  3. Set the application to ON for the desired organizational units or groups.

  4. Confirm that the users who need to sign in to make.com via SAML are included in the selected groups or organizational units.

Switching users gradually can help you test and avoid interrupting access to make.com across your organization.

Connect Google SAML to your make.com organization

With the Google side configured, the next step is to activate SAML in your make.com organization settings and connect the IdP data.

  1. Sign in to your make.com account with an organization administrator profile.

  2. Open the Organization or Security settings area where SAML or SSO options are available.

  3. Locate the option to Enable SAML SSO for make.com.

  4. Paste or upload the Google IdP metadata you saved earlier. This usually includes:

    • The SSO URL
    • The Entity ID
    • The X.509 certificate

  5. Save the configuration, then test the connection using the provided test button or by attempting a SAML login from a test account.

If the test is successful, you can enforce SAML SSO for all or selected users in make.com using your organization settings.

Test SSO login flow for make.com

Before enforcing SAML, verify that users can sign in and access make.com correctly.

  1. Sign out of your current make.com session or use a private browser window.

  2. Open the make.com login page and choose the SSO option associated with your Google domain, if available.

  3. When redirected to Google, sign in with a test user who has access to the SAML app.

  4. Confirm that you are redirected back and logged in to make.com without errors.

Repeat the test with different user roles if necessary to confirm that permissions and access levels are applied as expected in make.com.

Troubleshooting Google SAML issues with make.com

If users cannot sign in to make.com using Google SAML, verify these common issues:

  • Incorrect ACS URL or Entity ID: Compare the values in Google Admin with the latest details from the official make.com documentation at help.make.com/google-saml.
  • Certificate mismatch: Ensure the Google IdP certificate uploaded to make.com matches the one configured in the SAML app.
  • Email mismatch: Confirm the user’s email address in Google Workspace is the same as in make.com.
  • App not enabled: Check that the SAML app is turned on for the user’s organizational unit or group in Google Admin.
  • Attribute mapping errors: Make sure required attributes, especially email, are correctly mapped and sent to make.com.

Review SAML response logs, if available, to identify missing attributes, invalid audience, or time skew issues. Usually, correcting the ACS URL, entity ID, or certificate resolves most connectivity problems between Google and make.com.

Security best practices for make.com SAML setup

Using Google SAML with make.com enhances security, but it is important to maintain strong identity management practices.

  • Enforce multi-factor authentication (MFA) for Google Workspace accounts.
  • Regularly review user access and remove accounts that no longer require make.com.
  • Rotate certificates and keys in line with your security policies and update them promptly in make.com.
  • Limit SAML app access in Google to only the groups that need make.com.

Keep your SAML configuration aligned with organizational security guidelines and update settings as your identity or access requirements change.

Additional resources beyond make.com documentation

For more advanced automation and integration help related to make.com and Google SAML, you can consult external experts. For example, Consultevo provides consulting services focused on automation platforms and workflow optimization.

Always rely on the official make.com Google SAML help page for the latest values, screenshots, and field names, as these can change as the product evolves.

By completing the steps in this guide and validating your SSO flow, you will have a secure Google SAML integration for make.com that simplifies sign-in and centralizes identity control in Google Workspace.

Need Help With Make.com?

If you want expert help building, automating, or scaling your Make scenarios, work with ConsultEvo — certified workflow and automation specialists.

Get Help

Leave a Comment

Your email address will not be published. Required fields are marked *