Configure SSO With Google


Introduction

This guide provides step-by-step instructions for setting up Single Sign-On (SSO) with Branch using Google as your Identity Provider (IdP).

This guide will:

  1. Help you get your configuration details from Branch.

  2. Show you how to create and configure a SAML 2.0 application in Google Workspace.

  3. Link you back to the main Configure SSO guide to complete the setup.

Configure SSO

To configure SSO, you’ll need to get your unique URLs from Branch, configure Google, and then finish the setup in Branch.

Before you begin

Before you begin, ensure you have:

  • Admin access to your Branch account.

  • Admin access to the Google Admin console.

  • SSO enabled for your Branch account.

    • Access to SSO requires a premium Branch plan. Please contact our Sales team to learn more about pricing and availability.

Step 1: Get configuration details from Branch

  1. In Branch, navigate to Account Settings → SSO.

  2. Click the Setup SSO button.

  3. You will be taken to a new browser tab. In this tab, click Get Started.

  4. In the Select Your Identity Provider section, select Custom SAML. Then click Next.

  5. You will land on the Configure Custom SAML page. Keep this browser tab open and copy the following two values; you will need them in Step 5:

    • Single Sign-On URL (also known as Assertion Consumer Service URL)

    • Service Provider Entity ID (also known as Audience URI)

  6. Select Next.

Branch configuration settings for SAML application including Single Sign-On URL and Entity ID.

Step 2: Configure Google SAML

In a different tab, log in to your Google Admin console to create the Branch application.

  1. In Google Admin, navigate to Apps → Web and mobile apps.

  2. Select Add app → Add custom SAML app.

  3. On the App details page, enter an app name (e.g., "Branch") and optionally add a description or upload an app icon. Select Continue.

Set up a SAML app in Google Admin for Branch SSO configuration.

Step 3: Download Google IdP details

On the Google Identity Provider details page in Google Admin, there is configuration information that you'll need for Branch.

Keep this page open - you'll need to copy the SSO URL and download the Certificate in the next step.

Configure SAML app in Google with SSO URL, entity ID, and certificate details for Branch SSO.

Step 4: Configure connection in Branch

Before completing the Google configuration, you need to provide Google's IdP details to Branch.

  1. Go back to your Branch Configure Custom SAML browser tab (from Step 1).

  2. On the Configure connection page, select Manual.

  3. Copy the SSO URL from Google (from Step 3) and paste it into Branch's Single Sign-On Login URL field.

  4. Select Download Certificate in Google's setup page to download the certificate file.

  5. Upload this certificate file to Branch's Signing Certificate field.

  6. Keep the Branch tab open - you'll complete the connection after finishing the Google setup.

Step 5: Configure service provider details in Google

Return to the Google Admin console to complete the SAML app configuration.

  1. On the Service provider details page, fill in the fields using the values from the Branch tab you kept open from Step 1:

    1. ACS URL: Paste the Single Sign-On URL from Branch.

    2. Entity ID: Paste the Service Provider Entity ID from Branch.

    3. Start URL (optional): Leave blank.

    4. Signed response: Leave unchecked.

  2. Configure the Name ID settings:

    1. Name ID format: Set to UNSPECIFIED

    2. Name ID: Set to Basic Information > Primary email

  3. Select Continue.

Step 6: Map attributes in Google

Branch requires three attributes to be sent in the SAML response to provision and identify users.

Warning

To set up a successful mapping, you must use the attribute names firstName, lastName, and email exactly as they are capitalized and spelled here. Do not use URN or OID formats.

  Google Directory attributes    App attributes
  ---------------------------    --------------
  Primary email                  email
  First name                     firstName
  Last name                      lastName

  1. On Google’s Attribute mapping page, use Add mapping to add each attribute from the table above.

  2. Make sure you enter the app attribute names exactly as spelled and cased here: email, firstName, lastName

  3. Select Finish to save your Google Workspace application.
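
A way to check the Step 5 and Step 6 settings after a test login, as an added example that is not Branch's or Google's code: it decodes the base64 SAMLResponse form field posted to the ACS URL and reports mismatches in Recipient, Audience, and the three attribute names. The function names, the placeholder ACS URL and Entity ID, and the sample response are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = {"email", "firstName", "lastName"}  # exact app attribute names from Step 6

def check_saml_response(b64_response, acs_url, entity_id):
    """List configuration problems in a base64 SAMLResponse (as POSTed to the ACS URL).
    Debugging aid only: it does not verify the XML signature."""
    root = ET.fromstring(base64.b64decode(b64_response))
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no plaintext Assertion element found"]
    problems = []
    scd = assertion.find(".//saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url:
        problems.append("Recipient != ACS URL (Step 5, ACS URL field)")
    aud = assertion.find(".//saml:Audience", NS)
    if aud is None or (aud.text or "").strip() != entity_id:
        problems.append("Audience != Entity ID (Step 5, Entity ID field)")
    sent = {a.get("Name", "") for a in assertion.iterfind(".//saml:Attribute", NS)}
    for name in sorted(REQUIRED - sent):
        problems.append(f"missing attribute {name!r}")
    for name in sorted(sent - REQUIRED):
        if name.lower() in {r.lower() for r in REQUIRED}:
            problems.append(f"attribute {name!r} has wrong capitalization")
        elif name.startswith(("urn:", "http")):
            problems.append(f"attribute {name!r} uses URN/URI format")
    return problems

def build_sample(attr_names, acs_url, entity_id):
    """Constructed, unsigned sample response for exercising the checker."""
    attrs = "".join(f'<saml:Attribute Name="{n}"><saml:AttributeValue>x</saml:AttributeValue>'
                    f"</saml:Attribute>" for n in attr_names)
    xml = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}">'
           f"<saml:Assertion><saml:Subject><saml:NameID>user@example.com</saml:NameID>"
           f'<saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{acs_url}"/>'
           f"</saml:SubjectConfirmation></saml:Subject><saml:Conditions><saml:AudienceRestriction>"
           f"<saml:Audience>{entity_id}</saml:Audience></saml:AudienceRestriction></saml:Conditions>"
           f"<saml:AttributeStatement>{attrs}</saml:AttributeStatement>"
           f"</saml:Assertion></samlp:Response>")
    return base64.b64encode(xml.encode()).decode()

ACS = "https://sp.example.invalid/saml/acs"   # placeholder for Branch's Single Sign-On URL
ENTITY = "urn:example:sp-entity-id"           # placeholder for Branch's Entity ID

if __name__ == "__main__":
    bad = build_sample(["email", "FirstName", "urn:oid:2.5.4.4"], ACS, ENTITY)
    print(check_saml_response(bad, ACS, ENTITY))
```

Run it only on a response captured from your own test login, with the two values copied in Step 1 passed as `acs_url` and `entity_id`; an empty list means the mapping matches what this guide specifies.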

Step 7: Test SSO

Use step 2.4 from our main SSO guide to test the connection between Google and Branch.

More information

For more complete information about configuring SSO for Branch, visit our Configure SSO (General SAML) guide.