Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


You will need to set up attribute mapping for at least the email address at this point. Make a note of the attribute name you choose. If you will need more information than just the email in OpenAthens such as given names, you can set them up at the same time or come back later. Attribute names are case sensitive.


  1. In your OpenAthens administration area go to Management > Connections > Add > SAML

    1. For full details on this type of connection, see the SAML connector page.

  2. Upload the google metadata

  3. Enter the name of the email attribute from earlier as both the unique user attribute and the display name attribute. It is case sensitive.

  4. Save

  5. Go to the 'Relying party' tab and make a note of the metadata address it shows there.


Now that the OpenAthens connection has been set up you can update the ACS and EntityID placeholders you used in your G Suite SAML app.

  1. Navigate to the G Suite app you created (Apps > SAML Apps)

  2. Click on the app and then on the service provider details section


It is the last bit you're interested in (  as that will form part of the ACS URL and entityID of your connection that you are specifying in the G Suite SAML App. Update these to match that part of your metadata address:



You will need to allocate the app to your users before it will work.


  1. Enable OpenAthens login as well - users will be presented a choice. Good if you have many testers.
    1. On the Preferences > Domain page check the option to show the OpenAthens sign-in and save
    2. Now set your SAML connection as live and visible (but not default) and save
  2. Use debug mode. Good if you have only a few testers.
    1. There is no need to set your SAML connection as live or visible - in debug mode it will appear for you but not your end users.