This is a step-by-step guide for setting up enableHR as a service provider on Google G-Suite.
1. Go to Google Apps Admin, click on "Apps - Manage apps and their settings"
2. Click on "SAML Apps - Manage SSO and User Provisioning"
3. Click on "Add a service / App to your domain"
4. Click on "Setup my own custom App".
5. Download the IDP metadata (Option 2) [TBD: How do they get this to us securely? It's not top secret, but should be protected].
6. Provide the Application Name, Description and Logo.
7. Provide the following information:
ACS URL: https://www.enablehr.com.au/app/saml
Entity ID: https://www.enablehr.com.au/app/saml
Name ID Format: EMAIL
(all other options in the screenshot are defaults which are fine)
8. Click "Add New Mapping".
9. Add the following mappings (without quotes):
"Email / User ID" -> Basic Information -> Primary Email
"First Name" -> Basic Information -> First Name
"Last Name" -> Basic Information -> Last Name
(TBD: Confirm that there's no option to include group membership / roles here. There are commercial options with department, etc. that may make sense to pass across?)
10. Complete the setup.
11. Turn on the App for users (everyone).
12. Confirm turning on the app.
13. Within Google apps, click on the Waffle icon, then scroll down to the bottom of the list.
14. enableHR shows there - click on it and you should be logged in.