# Google Workspace
{% hint style="danger" %}
Google Workspace doesn't allow callbacks to urls containing `http` or `localhost` so it can be tricky to test it locally. You should deploy CISO Assistant with a FQDN to bypass these restrictions.
{% endhint %}
Go into **Google Workspace Admin console**
1. On the sidebar menu, go to **Applications** > **Web and mobile applications**
2. Click on **Add an application** > **Add a custom SAML Application**
3. Enter **ciso-assistant** or the name of your choice and click on **continue**
4. You can copy the **SSO URL**, **Entity Id** and **x509 certificate** here but you'll be able to retreive them later
5. Fill **ACS URL** with `/api/accounts/saml/0/acs/`, enter the **Entity ID** which has to be the same than **SP entity Id** in CISO Assistant (**ciso-assistant** by default) and choose **Email** in **Name ID Format**
6. Add two mappings for **First name** and **Last Name**, fill them with those two values: `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname`
7. On application home page, you can now find the **Entity ID**, **SSO URL** and **x509 certificate**
Add a user in your application doesn't automatically create the user on CISO Assistant
You can now [configure CISO Assistant](https://docs.clario.jojmatic.com/~/revisions/XkODTcU9oZQHhpLDNQu8/features-focus/sso) with the **3 parameters** you've retrieved.
