# Google Workspace {% hint style="danger" %} Google Workspace doesn't allow callbacks to urls containing `http` or `localhost` so it can be tricky to test it locally. You should deploy CISO Assistant with a FQDN to bypass these restrictions. {% endhint %} Go into **Google Workspace Admin console** 1. On the sidebar menu, go to **Applications** > **Web and mobile applications**

2. Click on **Add an application** > **Add a custom SAML Application**

3. Enter **ciso-assistant** or the name of your choice and click on **continue**

4. You can copy the **SSO URL**, **Entity Id** and **x509 certificate** here but you'll be able to retreive them later

5. Fill **ACS URL** with `/api/accounts/saml/0/acs/`, enter the **Entity ID** which has to be the same than **SP entity Id** in CISO Assistant (**ciso-assistant** by default) and choose **Email** in **Name ID Format**

6. Add two mappings for **First name** and **Last Name**, fill them with those two values: `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname`\ `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname`

7. On application home page, you can now find the **Entity ID**, **SSO URL** and **x509 certificate**

{% hint style="warning" %} Add a user in your application doesn't automatically create the user on CISO Assistant {% endhint %} You can now [configure CISO Assistant](https://intuitem.gitbook.io/ciso-assistant/features-highlights/sso#configure-ciso-assistant-with-saml) with the **3 parameters** you've retrieved.