How to setup Single Sign-On (SSO) with Google Workspace

Note

This feature is only available on Read the Docs for Business.

This how-to guide will provide instructions on how to enable SSO with Google Workspace. If you want more information on this feature, please read Choosing a Single Sign-On (SSO) approach for your organization

Prerequisites

Organization permissions

To change your Organization’s settings, you need to be an owner of that organization.

You can validate your ownership of the Organization with these steps:

  1. Navigate to the organization management page.

  2. Look at the Owners section on the right menu.

If you’d like to modify this setting and are not an owner, you can ask an existing organization owner to take the actions listed.

User setup

Using this setup, all users who have access to the configured Google Workspace will be granted a subset of permissions on your organization automatically on account creation.

You can still add outside collaborators and manage their access. There are two ways to manage this access:

  • Using teams to provide access for ongoing contribution.

  • Using sharing to provide short-term access requiring a login.

Enabling SSO

By default, users that sign up with a Google account do not have any permissions over any project. However, you can define which teams users matching your company’s domain email address will auto-join when they sign up.

  1. Navigate to the authorization setting page.

  2. Select Google in the Provider drop-down.

  3. Specify your Google Workspace domain in the Domain input field and press Save.

Configure team for all users to join

You can mark one or many teams that users are automatically joined when they sign up with a matching email address. Configure this option by:

  1. Navigate to the teams management page.

  2. Click the <team name>.

  3. Click Edit team

  4. Enable Auto join users with an organization’s email address to this team.

  5. Click Save

With this enabled, all users that sign up with their employee@company.com email will automatically join this team. These teams can have either read-only or admin permissions over a set of projects.

Revoke user’s access to all the projects

By disabling the Google Workspace account with email employee@company.com, you revoke access to all the projects that user had access and disable login on Read the Docs completely for that user.

See also

How to manage Read the Docs teams

Additional user management options

Choosing a Single Sign-On (SSO) approach for your organization

Information about choosing a Single Sign-on approach