- Be an Ambition Admin
- Be a Google (G Suite) Admin
- Users authenticate into Ambition using your company's Google credentials
- Users already signed into company's G Suite will automatically be signed into Ambition
- Ambition access will automatically be revoked once employees are removed from G Suite
Identity Provider Setup
Configuring the Identity Provider (IdP)
- In G Suite Admin, go to Apps > SAML apps
- Click button in lower right-hand corner to Enable SSO for SAML Application
- Click SETUP MY OWN CUSTOM APP
- Download IDP metadata from Option 2 under Set up single sign-on (SSO)
- Upload the metadata file to a publicly accessible host or forward to Ambition support to host
- Click Next, set Application Name and optionally provide other information, click Next
- Complete the form using the variables provided below, click Next
- Complete attribute mapping as shown in image below
- Enable app for users who need access to Ambition
Name ID: Basic Information > Primary Email
Name ID Format: Email
Replace SUBDOMAIN in the URLs above with your Ambition-assigned subdomain
- Open the left navigation and click Administration > People > Users > Single Sign-On.
- Click the Single Sign-On tab, then click Enable Single Sign-On.
- Complete the form, click Save.
IdP Metadata URL: The publicly accessible URL where your metadata is hosted
First Name SAML Attribute: FirstName
Last Name SAML Attribute: LastName
Automatically Create Ambition Users: When enabled Ambition will automatically create a User and sign the employee into the system. When disabled you must first create Users for desired employees, otherwise they will be denied Ambition access upon initial login.