Single Sign-On (SSO)

In Azure, go to Enterprise Applications by searching or clicking on the service at the top of the homepage

Click New application

Click Create your own application

Give your app a name (e.g. Land App) and choose the "Non-gallery" option

Click Assign users and groups and make sure relevant groups or users in your Azure directory are assigned to the app. A user needs to be assigned to the SAML app in Azure for SSO to work for them in Land App.

Click Set up single sign on

Click SAML

Now go to your Organisation tab in your Land App account here and click on Set up.

Copy the Entity ID & Assertion Consumer Service URL from Land App or from below:

Entity ID (audience URL):

https://auth.thelandapp.com/sso/saml/metadata

Assertion Consumer Services URL:

https://auth.thelandapp.com/sso/saml/acs

Back in Azure, click on Edit, add these details, and then Save.

Copy the App Federation Metadata URL from Azure and then navigate back to Land App.

Select Continue.

Now select Metadata URL and Continue.

If successful, you will see a confirmation saying SSO is now successfully configured.

Click Finish, and you will see the SSO status has updated.

In the Google Workspace Admin Console, select Apps > Web and mobile apps.

Click on Add app and select Add custom SAML app.

Give your app a name (e.g. Land App)
​
​

Click Continue and on the next page, download the metadata.

Now, go to your Organisation tab in your Land App account here and click on Set up.

Copy the Entity ID & Assertion Consumer Service URL from Land App or from below:

Entity ID (audience URL):

https://auth.thelandapp.com/sso/saml/metadata

Assertion Consumer Services URL:

https://auth.thelandapp.com/sso/saml/acs

Back in Google workspace, click Continue and then add the SP Entity ID and Assertion Consumer Services URL from Land App. You do not need to edit any other details on this page.

Click Continue and then Finish. You do not need to do any attribute mapping.

Now, you need to ensure users have access to the created SAML app. A user needs to have access to the SAML app in Google Workspace for SSO to work for them in Land App.

Click the chevron in the User access section.

Switch the service status to ON for everyone or just give access to specific groups or organisational units using the left-hand options.

Click Save.

Back in Land App, click Continue.

Select the Metadata File option and click Continue.

Now, add the metadata xml file you previously downloaded from Google Workspace and select enable SSO.

If successful, you will see a confirmation saying SSO is now successfully configured.

Click Finish, and you will see the SSO status has updated. As Google Workspace requires the use of the Metadata File, this will need to be re-uploaded before the expiry date. The system will send you an email to remind you closer to the time.

To Disable SSO, go to the Organisation tab in your Account. Click Disable in the Single Sign On settings and complete the confirmation modal.

The first time a user logs in with SSO, it will create a link between their Land App user account and their user account in your Identity Provider (e.g. Azure, Google Workspace).

On the Land App login page, click Log in with SSO

Enter the email address for your Land App account and click Next.

You may be asked to login to your Identity Provider or, if already logged in, you will be automatically logged into Land App. If this was the first time logging in with SSO, a link has been created between your Land App account and your Identity Provider account.