SAML SSO with Google Workspace (previously G-Suite)

SAML SSO is only available on our Org plan.
You must be an admin to enable SAML SSO.

To configure SAML SSO with Google Workspace, you should add the following values to the integration:

ACS URL: You'll find the value in your Workplace settings, after enabling SAML SSO.

Entity ID: https://whimsical.com
Start URL: https://whimsical.com
Signed response: enable
Name ID format: EMAIL
Name ID: Basic Information > Primary email

Attribute mapping in Google does not happen automatically, but you should manually map the first name and last name attributes so that those get sent to Whimsical:

First name > FirstName
Last name > LastName

Profile photo mapping is not supported. But you can add your own profile picture in Whimsical. Read this article to learn how.

After SAML SSO is successfully configured, you can go to your Whimsical Workspace settings and adjust two more things:

Default user role: Whimsical supports JIT (Just-in-time) account provisioning. That means that Whimsical will create an account for a user authenticating via SAML if necessary. New users will be created with the role and permissions you choose:
- Editors - paid role with full ability to create and edit content
- Viewers - free role with read and comment-only limited permissions
Require SAML for login: You can enable this optional setting if you want to prevent users from accessing your workspace with other means of authentication, such as a password or via Google SSO.