
How to set up SSO for Proton Pass using Google


Our Proton Pass Professional and Proton Business Suite plans support single sign-on (SSO). SSO allows you to securely access multiple web services and SaaS applications using one set of login credentials. In this article, we look at how to set up SSO on Proton Pass using Google as your identity provider (IdP).

Learn more about SSO

How to set up SSO for Proton Pass using Microsoft Entra ID

How to set up SCIM for Proton Pass using Microsoft Entra ID

Proton Pass supports SSO using Security Assertion Markup Language (SAML) 2.0, an XML-based open standard used to transfer authentication data verifying your identity between an IdP and a SaaS application.

Before you start, you’ll need the following: 

  • A Proton Pass Professional or Proton Business Suite account with admin privileges.

Get Proton Pass Professional.

Once you have a Google Account, you must configure it for Proton Pass. You can then configure SAML on your Proton Pass account.

Here’s what we’ll cover next:

  • How to configure Proton Pass on Google
  • How to configure SAML SSO on your Proton Pass account
  • How to add SSO users to Google
  • How to use SSO to sign in to Proton Pass
  • How to manage SSO for Proton Pass

How to configure Proton Pass on Google

1. Log in to your Google Account and go to Apps → Web and mobile apps → Add app → Add custom SAML app.

2. Give your app a name and a description (optional) and upload an app icon for it (also optional). Click Continue when you’re ready.


3. Click Download metadata. This will download an XML file that you’ll upload to your Proton Pass admin panel later in the setup process (see step 5 under How to configure SAML SSO on your Proton Pass account).

Click Continue when you’re ready.


4. Enter the following information:

Click Continue when you’re ready.


5. On the Attribute mapping screen, you can configure attributes and group membership options (both optional). If you’re unsure about these, just click Finish.


6. You’ve now created a SAML integration for Proton Pass. However, to use it, you must turn it ON for everyone. To do this, click OFF for everyone.

Then select ON for everyone and click SAVE.

(To turn on your SAML integration at a later time, go to Apps → Web and mobile apps → click on the app.)

How to configure SAML SSO on your Proton Pass account

1. Log in to your Proton Pass admin panel and go to Single sign-on → SAML authentication → Configure SAML.

2. Add your organization’s domain name and click Add domain.

3. Verify the domain for your identity provider. To do this, log in to your domain provider’s web portal and enter the DNS TXT record displayed on this screen.

Return to your Proton Pass account and click Continue once you’ve done this.

4. A screen will show you the endpoints needed by Google. However, we’ve already entered these (see step 4 of Configure Proton Pass on Google), so just click Continue.

5. Import the metadata file you downloaded from Google in step 3 of Configure Proton Pass on Google. To do this, select XML and either drag the XML file to the field provided or click Select file and locate the file using your system’s default file manager. Click Done when you’re ready. 

SSO using Google should now be configured on your Proton Pass account. 
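Before importing the metadata file in step 5, you can check what it will make Proton Pass trust. The following is an added example, not Proton’s or Google’s code: it reads SAML IdP metadata with Python’s standard library and reports the entity ID, the SSO endpoints, and the SHA-256 fingerprint of the signing certificate. The sample document, its idpid and its certificate bytes are constructed placeholders, and the expected host accounts.google.com is an assumption about Google-issued metadata.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
BIND = "urn:oasis:names:tc:SAML:2.0:bindings:"

# Constructed sample: placeholder idpid, and placeholder bytes instead of a real certificate.
FAKE_DER = b"constructed-placeholder-cert"
SAMPLE = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://accounts.google.com/o/saml2?idpid=C00example">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>{base64.b64encode(FAKE_DER).decode()}</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleSignOnService Binding="{BIND}HTTP-Redirect"
      Location="https://accounts.google.com/o/saml2/idp?idpid=C00example"/>
  <md:SingleSignOnService Binding="{BIND}HTTP-POST"
      Location="https://accounts.google.com/o/saml2/idp?idpid=C00example"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>""".encode()

def inspect_idp_metadata(xml_bytes, expected_host="accounts.google.com"):
    """Extract the trust-relevant fields of SAML IdP metadata and list problems."""
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("metadata must not carry a DTD or entity declarations")
    root = ET.fromstring(xml_bytes)
    entity_id, sso, certs, problems = root.get("entityID", ""), {}, [], []
    if urlparse(entity_id).hostname != expected_host:
        problems.append(f"unexpected entityID {entity_id!r}")
    for el in root.iterfind("md:IDPSSODescriptor/md:SingleSignOnService", NS):
        binding, loc = el.get("Binding", "").rsplit(":", 1)[-1], el.get("Location", "")
        sso[binding] = loc
        url = urlparse(loc)
        if url.scheme != "https" or url.hostname != expected_host:
            problems.append(f"{binding}: endpoint is not https://{expected_host}")
    for kd in root.iterfind("md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use", "signing") == "signing":  # no 'use' attribute means any purpose
            for c in kd.iterfind(".//ds:X509Certificate", NS):
                der = base64.b64decode("".join((c.text or "").split()))
                certs.append(hashlib.sha256(der).hexdigest())
    if not sso:
        problems.append("no SingleSignOnService endpoint")
    if not certs:
        problems.append("no signing certificate")
    return {"entity_id": entity_id, "sso": sso, "cert_sha256": certs, "problems": problems}
```

Run it on the bytes of the downloaded file and compare the fingerprint with the certificate your IdP shows for the app; an empty `problems` list means the entity ID and both endpoints point at the expected host over HTTPS.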

How to use SSO to sign in to Proton Pass

Once your new SSO account is configured on Google, go to your Proton Pass account.

1. Click Sign in with SSO on any Proton Pass login screen. 

2. Enter your email address (as configured on Google by your administrator) and click Sign in.

3. Enter your Google SSO username and password (which will be supplied by your manager, or see steps 9 and 10 in the How to add SSO users to Google section above), and click Sign in.


How to manage SSO users in Proton Pass

Your organization’s users can now log in to Proton Pass apps using their IdP login. To view which users have signed into Pass, log in to your Proton Pass account and go to Organization → All users.

Note: SSO users will only appear here after they have signed in at least once. 

In the Users section in the Proton Pass admin panel, you can manage individual users using the dropdown menu in the Edit column of the user you wish to manage SSO access for.

To turn off SSO for your whole organization, go to Single sign-on → Remove single sign-on → Stop using single sign-on.

Please note that doing this deletes all configurations and users associated with your domain. We therefore strongly recommend against turning off SSO for your whole organization.
