Allow employees to access Whalemate using their Google account.
Implement Single Sign-On (SSO) to simplify access.
Centralize access management from Google Workspace.
Improve security using Google authentication policies.
Facilitate user and access administration.
Important: All users must already exist in Whalemate with the same corporate email they will use to log in. Whalemate does not create users automatically — it only authenticates existing users. If an employee attempts to log in and does not exist in Whalemate, they will receive a "User not found" error.
Whalemate supports two authentication methods with Google
OAuth (Simple setup)
No additional configuration is required. Users simply need to:
Go to the application
Select Sign in with Google
Choose their Google account
Access the platform
SAML (Corporate SSO)
Before starting, have the following information ready, as it will be required for the setup.
Information | Value |
|---|---|
ACS URL | |
Entity ID | |
Email domain |
Log in to admin.google.com with an administrator account.
Create the SAML application
Go to Apps → Web and mobile apps
Click on Add App
Select Add custom SAML app
You will need to complete the following fields:
Field | Value |
|---|---|
App Name | Whalemate |
Description | Security awareness and training platform |
Then click Continue.
On the configuration screen:
Download the certificate (.pem)
Copy the following values:
SSO URL
Entity ID
Save this information for the final step.
Configure the Service Provider
Field | Value |
|---|---|
ACS URL | |
Entity ID | |
Name ID format | |
Name ID | Primary email |
Check: Signed response
Then click Continue
Map attributes
You must add the following attributes:
Google attribute | App attribute |
|---|---|
Primary email | |
First name | firstName |
Last name | lastName |
Enable access
In the application list, find "Whalemate"
Go to User Access
Choose who will be able to use the application:
The entire organization
Organizational units
Specific groups
Save the changes.
Send the data to Whalemate
After completing the configuration in Google Workspace, you must send the Identity Provider data to the Whalemate team to activate SAML for your account.
Send an email to [email protected]:
Subject: "SAML Activation for [your company name]"
Email domain: Your corporate account domain (e.g., @yourcompany.com)
SSO URL: The URL copied in Step 4 (e.g., https://accounts.google.com/o/saml2/idp?idpid=...)
Entity ID: The Entity ID copied in Step 4 (e.g., https://accounts.google.com/o/saml2?idpid=...)
Certificate: Attach the .pem file downloaded in Step 4
The Whalemate team will register this data, activate SAML for your domain, and confirm when it is ready. Once active, when users enter their corporate email in Whalemate, the system will automatically detect that SAML should be used and redirect them to Google for authentication.
Note: If your company manages multiple email domains (e.g., @company.com and @company.es), include this in the email so all can be configured.
Do my employees need to create new passwords?
No. They will use their existing Google passwords.
What happens if an employee leaves the company?
When their Google Workspace account is deactivated, they automatically lose access to Whalemate via SAML. For OAuth, they must also be deactivated in Whalemate.
Does it work with personal Google accounts (@gmail.com)?
Yes, using OAuth. SAML only works with Google Workspace.
Does SAML completely replace OAuth?
Not necessarily. Some users may continue using OAuth (e.g., external consultants with @gmail.com).
Does Whalemate store Google passwords?
No. Whalemate never sees or stores passwords. Google validates the credentials and only sends confirmation.
Is it safe to enable SAML?
Yes. SAML is a security standard used by thousands of companies. It adds an extra layer of security compared to traditional passwords.
