# Set up single sign-on (SSO) for Amplitude using G Suite Configure SAML single sign-on between Amplitude and G Suite. Source: https://amplitude.com/docs/admin/single-sign-on/g-suite --- On this page - [Before you begin](#before-you-begin) - [Set up SSO for Amplitude using G Suite](#set-up-sso-for-amplitude-using-g-suite) # Set up single sign-on (SSO) for Amplitude using G Suite Amplitude provides a single sign-on integration with G Suite for customers on Scholarship, Growth, or Enterprise plans. ## Before you begin For general information about SSO, refer to [SSO in Amplitude](/docs/admin/single-sign-on/sso). To set up SSO, you must be an org admin for your Amplitude organization. You must also be an administrator for your G Suite organization, and you must configure your own SSO settings. Amplitude enforces this requirement when users log in to your org. ## Set up SSO for Amplitude using G Suite To configure SSO for Amplitude using G Suite: 1. In the [G Suite admin console](https://admin.google.com/), navigate to *Apps* and click the *SAML apps* card. 2. Click the ***+*** button (in the bottom left corner) to add a SAML app. 3. In the modal, click *Setup my own custom app*. 4. Under Option 2, click *Download* to download the IDP metadata. 5. Upload the metadata file in Amplitude, under *Settings > Organizational settings > Access & SSO Settings*, then save the changes. 6. Go back to G Suite and continue with the app creation process. Enter a name and description and optionally upload the logo for easy recognition. 7. Next, G Suite prompts you for the "ACS URL" and "Entity ID". To find the Entity ID and Assertion Consumer Service URL in Amplitude, navigate to *Settings > Organizational settings > Access & SSO Settings*. 8. Finally, in Google Admin, click *Finish* to save the app and enable SSO. Review [just-in-time (JIT) provisioning settings for G Suite administration](http://cloud.google.com/identity/solutions/automate-user-provisioning). There may be a short "settling period" when setting up and validating the configuration. If users get 403 errors, wait a day and try JIT again. Was this helpful?