Skip to content

Choose your language

  • No results

Choose your login

  • No results
Support

How can we help?

PaperCut's AI-generated content is continually improving, but it may still contain errors. Please verify as needed.

Lightbulb icon
Lightbulb icon

Here’s your answer

Sources:

* PaperCut is constantly working to improve the accuracy and quality of our AI-generated content. However, there may still be errors or inaccuracies, we appreciate your understanding and encourage verification when needed.

Lightbulb icon

Oops!

We currently don’t have an answer for this and our teams are working on resolving the issue. If you still need help,
User reading a resource

Popular resources

Help center

FAQs
Conversation bubbles

Contact us

Configure Google Workspace Single Sign-on (SSO) via SAML 2.0

This page applies to:

PaperCut NG PaperCut MF PaperCut Pocket PaperCut Hive

Last updated June 29, 2026

This page describes how to configure Google Workspace Single Sign-on (SSO) via SAML 2.0 for PaperCut MF and PaperCut NG. For more information about SAML 2.0, see User authentication and SSO.

Before you start

Ensure you have Google Workspace Administrator-level access or higher.

Step 1. Provide your organization’s basic configuration details to PaperCut NG or MF

To add and enable a Google Workspace SSO configuration:

  1. Log in to the PaperCut Admin web interface with SSL port ((for example, https://your-papercut-server-name:9192).

  2. Select Options > User/Group Sync tab.

  3. Scroll down to the SSO Single Sign on section.

  4. Click Add SAML2 configuration. The SAML 2.0 SSO configuration page is displayed.

    Screenshot of the SAML 2.0 SSO configuration page showing the first three sections: Provide your organization's details, Configure SAML Identify Provider, and Link your SAML Identity Provider

  5. In the Configuration name field, enter a name for this configuration. This name helps you know which configuration you’re using or editing.

  6. In the Configuration button label field, enter the button label your users will see on your organization’s PaperCut NG or MF login page. Again, if you are using multiple SSO configurations simultaneously, ensure the button label helps users select the right button to log in.

This step is for completing the Link your SAML Identity Provider section.

Screenshot of the Link your SAML Identity Provider section, showing the Manually and URL tabs.

In a separate tab, log in to your Google Workspace Admin console. You must have Administrator access.

  1. In the left menu, select Apps > Web and mobile apps.

  2. In the action selection area, select Add app > Add custom SAML app.

    Google Workspace, Web and mobile apps page showing a list of apps and the Add app dropdown at the top of the list

    The App details page is displayed.

    Google Workspage, App details page showing fields for the app name and description

  3. In App name, enter a name for your application. We’ll use Example SAML app. Then select Continue. The Google Identity Provider details page is displayed.

    Google Workspace, Google Identity Provider details page showing the SSO URL, Entity ID and Certificate details

  4. Copy the SSO URL and paste it into PaperCut:

    1. Go to Option 2 and copy the SSO URL.
    2. Switch to PaperCut and paste the SSO URL in the SSO URL box.

  5. Copy the Entity ID and paste it into PaperCut:

    1. On the Google Identity Provider details page under Option 2, copy the Entity ID.
    2. Switch to PaperCut and paste the Entity ID into the Entity ID box.

  6. Copy and paste the certificate into PaperCut:

    1. On the Google Identity Provider details page, copy the details in the IdP Signing Certificate box, including the —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—–.

    2. Switch to the PaperCut page and paste the certificate in the IdP Signing Certificate box.
      If you have done this correctly, a green tick and certificate validity message appears.

  7. Leave other boxes on the page empty, and select CONTINUE. The Service provider details tab is displayed.

    Google Workspace, Service provider details page showing empty fields for the ACS URL and Entity ID

Step 3. Configure Google Workspace with PaperCut details

Both URLs below are also available on the PaperCut SAML 2.0 SSO configuration page, in the Configure SAML Identity Provider section.

Screenshot of the
  1. Go to the PaperCut SAML 2.0 SSO configuration page > Configure SAML Identity Provider section.
  2. Copy the PaperCut Reply/ACS URL and paste it into Google Workspace.
    For example: https://10.10.17.7:9192/api/sso/callback/saml, where 10.10.17.7:9192 is replaced with your MF host and port details.
    1. Copy the Reply/ACS URL.
    2. Switch to the Service provider details tab in Google Workspace, and paste the URL into the ACS URL box.
  3. Copy the PaperCut Service Provider Entity ID and paste it into Google Workspace.
    For example, https://10.10.17.7:9192/app/fd2ad995-e626-4c14-a1f8-bad8b2547ea2, where 10.10.17.7:9192 is your MF host and port details.
    1. Switch to the PaperCut MF Configure SAML Identity Provider section and copy the Service Provider Entity ID.
    2. Switch to Google Workspace and copy the ID into the the Entity ID box.
  4. Leave the other boxes on the page empty, and select CONTINUE. The Attribute Mapping page is displayed.
  5. Leave the boxes on the page empty, and select FINISH.
  6. Switch to the PaperCut tab.

Step 4. Test configuration

Test that you can log in with an email address associated with the domain(s) you’re setting up for SSO.

  1. On the PaperCut NG or MF SAML 2.0 SSO configuration page, in the Test configuration section, select Test configuration.
  2. Log in to the IdP using an account with your SSO-related credentials from the domain you configured. A test user is always a good option!
  3. Wait until a test result is displayed.
    • If the Test successful popup is displayed, select Return to SSO Configuration.
    • If the Test failed popup is displayed, make a note of the error information, select Return to SSO Configuration, make the required changes, and test again.
  4. Select Return to SSO configuration to return to the configuration page.

Step 5. Enable the configuration

  1. On the PaperCut NG or MF SAML 2.0 SSO configuration page, in the Enable configuration section:
    • If you’re ready to immediately allow SSO access to PaperCut NG or MF via this configuration, select Yes, enable now.
    • If you’re not ready to start using this configuration, select No, enable later, and save the configuration. You can return to enable it at any time. Before enabling it, test the configuration again.
  2. Select Apply. The Authentication page is displayed.
  3. Check that your SSO configuration is enabled/disabled according to your previous “Enable configuration” selection. If enabled, use a test account to check that SSO is working.

Comments