Configure single sign-on using Google SAML

This feature is only available on our Enterprise plan. Contact sales for more information.

Before you begin, make sure you have an Admin account (Viewer or Contributor) with Abstract.

Step 1: Configure SAML 2.0 for Abstract in Google

  1. As an Admin, create a new SAML app called Abstract in
  2. In ACS URL, enter
  3. In Entity URL, enter
  4. In the Attribute Mapping section, enter a mapping called exactly email

About SAML responses:

  • We currently only support HTTP:POST binding.
  • We are expecting an “email” Assertion Attribute, as shown below.

<saml2:Attribute Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">    <saml2:AttributeValue xmlns:xs="" xmlns:xsi="" xsi:type="xs:string"></saml2:AttributeValue></saml2:Attribute>

About XML Metadata:
By default, Google SAML provides a URL to your XML metadata that is only accessible for authenticated admins. Have your XML metadata available via a public URL in order to configure SSO on Abstract. You can use to create a public URL. Simply, create a + new paste with your XML metadata and click Raw.

Step 2: Set up SAML single sign-on in Abstract.

  1. Open the Abstract app (desktop or web).
  2. In the left side pane, click on the organization name.
  3. From the dropdown, select Organization Settings.
  4. Select the Permissions tab.
  5. In the Configure SSO section, enter your Metadata URL and Entity ID.
  6. Enter any manual exceptions you might have. Emails listed in the manual exceptions section bypass SSO and can log in with email and password.
  7. Click Test with my Account. If an error occurs when trying to authenticate into Abstract, please consult Google’s Help Center first. If additional assistance is need you can contact our support team.
  8. Toggle Activate SSO on. 
  9. Click Save Changes.