Google Workspace

Last updated on August 7, 2023 • Available in French

This document describes the steps required to activate SSO on your Screen account using the SAML protocol with Google Workspace.

Prerequisites for activating SSO on your Screen account:

You must have admin rights for your Screen account.
You must identify the right person on your end who will be able to implement the required configuration changes on your Google Workspace account, i.e. your system administrator.

Important considerations:

Google Workspace does not support user provisioning so Google Workspace users will still need to be invited directly from your Screen account.
Account-wide failure to login may occur for your users during the configuration process. Reversing the SSO activation on the account can be done at any time if the configuration fails.
At any time, even when the SSO configuration is active, it is possible for an admin to log into the account using email and password credentials through one of the following URLs:
- https://www.codingame.com/work/login?forcePassword (US site)
- https://www.codingame.eu/work/login?forcePassword (EU site)
You may want to test drive the integration on a Screen test account first. In which case, contact your Screen account manager to set up this test account.

Activate the SSO configuration

Open a ticket with the CoderPad support team for SSO Activation.
The support team should then send you three URL parameters linked to SSO:
- SP Entity ID
- SP Assertion Consumer URL
- SP Metadata URL
Configure an “App” in Google Workspace corresponding to Screen:
- Admin > Apps > Web and mobile apps > Add App > Add custom SAML app

In the left nave the "apps" menu item is highlighted.

The apps menu has been expanded and the "web and mobile apps" sub-item is highlighted.

At the top of the screen the "Add app" tab is highlighted.

The "add app" menu has been expanded and the "add custom SAML app" menu item is highlighted.

Copy and send the following parameters to the CoderPad support team:
- SSO URL
- Entity ID
- Certificate
Click Continue and enter the following configuration in the Service provider details panel:
- ACS URL = SP Assertion Consumer URL (from the CoderPad support team)
- Entity ID = SP Entity ID (from the CoderPad support team)
- Leave the other fields unchanged
Click Continue and on the Attributes panel, click the ADD MAPPING button:
- For the Google Directory attributes, select Primary email
- For the App attributes, type User.Email

A mapping of the Primary email to User.email.

4. Click Finish

5. Expand the User access panel of the newly created app and activate the service by selecting the ON for everyone option.

User access page with the expansion arrow highlighted.

Service status screen with the option "On for everyone" selected and highlighted.

6. For testing purposes, add the Google Workspace admin user used to configure SSO as a user of your Screen account.

7. Contact CoderPad support to schedule a real-time meeting between one of our engineers and your system administrator. During the meeting, CoderPad will activate SSO on your account, and you may then check that the Google Workspace admin user can indeed connect to Screen through SSO. Any final adjustments can be made during this call. As an alternative to a real-time meeting, you may just request activation of SSO by contacting support.

8. From now on, any user added to both the Google Workspace and the Screen account will be authenticated through Google Workspace.