AccessGuard — IAM with JWT, MFA, RBAC & SSO (SAML/OIDC) | Velaxe

Google Workspace — Integration

Overview

Domain-restricted sign-in with Google as IdP using OIDC or SAML, plus group-to-role mapping and optional JIT provisioning.

Capabilities

  • OIDC (preferred) or SAML SSO

  • Hosted domains restriction (e.g., example.com only)

  • Group/claim → role mapping for RBAC

  • Just-in-time provisioning of users

  • Automatic JWKS discovery and token validation

Setup Steps (5)

  1. In Google Admin, create a custom SAML app or configure OIDC credentials in Google Cloud Console.

  2. Collect Issuer, Client ID/Secret (OIDC) or SAML IdP metadata.

  3. In AccessGuard → Settings → SSO, add **Google Workspace** and paste the details.

  4. Restrict allowed domains and set role mappings based on group/claims.

  5. Save and run a test; verify domain lock and assigned roles.
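
What the domain lock and role mapping from steps 4 and 5 amount to on the OIDC path, as an added example that is not AccessGuard's own code. It assumes the ID token signature has already been verified against Google's JWKS; the client ID, domain list, group names and the `groups` claim are constructed placeholders.

```python
import time

# Issuer strings Google uses in ID tokens.
GOOGLE_ISSUERS = {"https://accounts.google.com", "accounts.google.com"}

# Constructed configuration for illustration (not AccessGuard settings).
CLIENT_ID = "example-client-id.apps.googleusercontent.com"
ALLOWED_DOMAINS = {"example.com"}
GROUP_ROLE_MAP = {"eng@example.com": "developer",
                  "it-admins@example.com": "admin"}
DEFAULT_ROLE = "viewer"


class SignInRejected(Exception):
    """Raised when a claim fails the domain lock or a basic token check."""


def authorize(claims, now=None):
    """Return (email, roles) for claims taken from an ID token whose
    signature has already been verified against Google's JWKS."""
    now = time.time() if now is None else now
    if claims.get("iss") not in GOOGLE_ISSUERS:
        raise SignInRejected("unexpected issuer")
    if claims.get("aud") != CLIENT_ID:
        raise SignInRejected("token was issued to another client")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise SignInRejected("token expired")
    # Domain lock: check the hd (hosted domain) claim, not the email suffix.
    # A consumer Google account has no hd claim even when its address
    # ends in an allowed domain.
    hd = claims.get("hd")
    if not isinstance(hd, str) or hd.lower() not in ALLOWED_DOMAINS:
        raise SignInRejected("hosted domain not allowed")
    email = claims.get("email")
    if claims.get("email_verified") is not True or not isinstance(email, str):
        raise SignInRejected("email missing or unverified")
    # "groups" is a hypothetical custom claim; it needs the extra setup
    # described under Limitations before it appears in a token.
    groups = claims.get("groups")
    groups = groups if isinstance(groups, list) else []
    roles = {GROUP_ROLE_MAP[g] for g in groups
             if isinstance(g, str) and g in GROUP_ROLE_MAP}
    return email, sorted(roles or {DEFAULT_ROLE})


# Constructed sample claims (decoded payload, signature check assumed done).
SAMPLE = {"iss": "https://accounts.google.com", "aud": CLIENT_ID,
          "exp": 2_000_000_000, "hd": "example.com",
          "email": "ana@example.com", "email_verified": True,
          "groups": ["eng@example.com", "unmapped@example.com"]}

if __name__ == "__main__":
    print(authorize(SAMPLE, now=1_700_000_000))
```

For the test in step 5, a sign-in from a personal account whose address ends in an allowed domain is the case worth trying: it should be rejected because the token carries no `hd` claim.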

Limitations

  • SAML requires proper NameID/email formatting; aliases may cause mismatches.

  • Group claims via OIDC may need Directory API or custom claims setup.

FAQs

Can we allow multiple domains?

Yes. Add all verified domains in the allowed list.

Do you support Google personal accounts?

For enterprise, restrict to Workspace domains; personal accounts can be allowed if needed.

Is MFA enforced by Google or AccessGuard?

Prefer Google Workspace MFA; AccessGuard can add local MFA for non-SSO users.

Pricing

Free

Free

Great for trying the integration.

Pro

USD 9.99 / monthly

Enterprise

USD 49.99 / monthly