How to self-configure SSO with GSuite

Simplify the sign-on process for your Enterprise team. βš™οΈ

πŸš€  We have a new & improved experience for Admins to configure SSO & Directory sync! πŸš€

If you are a setting up SSO and Directory Sync for the first time, please refer to this article:
How to configure SSO & Directory sync

If you have already configured SSO using our previous set up and want to configure Directory sync, please reach out to your Customer Success or Account Manager. We are currently working on a self-serve method to migrate existing customers to the new set up. 

Loom uses single sign-on (SSO) for Enterprise users to simplify the sign-in process and allow access to Loom using several authentication sources, including GSuite. Your Workspace must be subscribed to the Enterprise plan if you wish to set up SSO.

πŸ‘‰Note: Loom does not currently support IdP-Initiated SSO. Please Browse to to login.

If you're the Admin of your company's Loom account, you can configure SSO using the following steps:

  1. Go to your Workspace settings by clicking on Settings in the left navigation bar of your Library. Open the security tab and toggle on Single Sign On (SSO).

  2. Select GSuite as your IdP for configuration. Keep this tab open, as you'll be returning to your Loom Workspace later.

  3. Go to and click on Apps. Then click SAML apps.

  4. Open the yellow (+) in the bottom right of your screen. Click Setup my own custom app at the bottom of the menu that opens up.

  5. Copy the SSO URL and download the certificate below it. Keep this tab open.


  6. In Loom, paste the URL under Identity Provider Single Sign On URL. Upload the certificate. Hit save.

  7. Back in your Google Admin tab, click Next. Add an application name and a logo if you want.

  8. Click Next. You'll need to grab some information from Loom and input it into Google.

  • Paste the SSO URL from Loom in the ACS URL in Google.
  • Paste the Audience URI from Loom in the Entity ID in Google.

  1. Click Next, then click Add new mapping. It's time to add some attribute mappings.
  • First write "email," then select "Basic Information" and "Primary Email" for the respective two columns next to it. These fields will be different depending on what you've named them in your Google Admin account.

  • For the next, write "firstName" (Note: this is case sensitive), then select "Basic Information" and "First Name" for the respective two columns next to it.

  • For the last, write "lastName" (again, this is case sensitive) and select "Basic Information" and "Last Name" for the respective two columns next to it.


  1. Click Finish. You'll see a note reminding you to upload Google IDP data on Loom administration panel to complete the SAML configuration process. You can ignore this. Click OK.

  2. Click Edit Service on the next page and turn the Service status ON for everyone. Save your work. Note that these changes may take up to 24 hours to turn on for everyone. You'll be able to see if your domain is active in your Workspace security settings in Loom.

Questions, comments, concerns? Contact us here.   

Happy recording! πŸŽ₯ πŸ˜„

1 out of 1 found this helpful