As a Kisi organization owner you can set up Google single sign-on (SSO) for your Kisi users.
Enable SSO on Google
Set up the integration in Google
- Sign in to your Google Workspace Admin Console
- Click on Apps
- Choose SAML apps
- Click on the Add App dropdown menu and select Add custom SAML app
- Define an app name (e.g. Kisi SSO) and click Continue
- Download IDP metadata and click Continue
- Fill out the fields as follows:
- ACS URL:
https://api.kisi.io/saml/consume/<your-kisi-domain>. (You can find your Kisi organization domain under Organization Setup > Settings)
- Entity ID:
- Start URL: Leave empty
- Signed Response: Check
- Name ID Format: Persistent
- Name ID: Basic Information - Primary Email
- Click Continue
- In the Attribute Mapping section, click Add Mapping and fill out the fields as follows:
- Basic information: Primary email
- App attributes: Email
- Click Finish
- In the User access section, click on the arrow to edit the Service Status
- Select ON for everyone and click Save
- Assign users to the Kisi Application
Set up the integration in Kisi
- Sign in to Kisi
- Under Organization Setup, click on SSO & SCIM and paste the Metadata file that you downloaded in the steps above
- Click Save
- Click Generate Certificate
Import users from Google Directory
Customers who don't yet have SSO set up can still import users from their Google Directory by manually setting up the integration. We recommend, however, setting up SSO to allow your Kisi users to log in with their single, existing credentials.
To be able to set this integration up, you need to have Google Directory setup with at least one Organization unit.
User import integrations can only be done on organization level. This means, you can only import users into organization groups, but not into place groups. Learn more about group types here.
- Sign in to Kisi
- Under Organization Setup, select Integrations and click Add Integration
- Enter a name, open the Type dropdown and select Google Directory User Import
- Click Authorize with Google and you’ll be redirected to the Google Authentication screen
- Sign in with your Google account that has Admin privileges
- Click Accept to allow the integration read access
- Once back in Kisi, select the organizational unit you want to use from Google. The organizational unit needs to be a sub-organization. If you have not created one, you will need to do so
- Define if the import should be done into a Kisi group or as users only
- For the group option, map users to the Kisi Group. A Kisi Group is needed to share access to your place(s) with your users.
- For the users only option, users will be imported but won't receive an invitation email from Kisi or have any access in your place(s)
- Click Add
The integration will be set up immediately. Everyone in the Google Organizational Unit will get an email notification that Kisi access has been shared with them, unless you chose to import as users only.