How do I configure SAML SSO on my WeTransfer workspace with Google Admin?

Please note that SSO and SCIM are available only for users on an Enterprise plan. If you'd like to know more, don't hesitate to request a quote from our Sales team.

Create a new application for WeTransfer

  1. Open Google Admin and proceed to Apps -> Web and mobile apps.
  2. In the menu at the top, select Add app -> Add custom SAML app.
Google Admin: add a custom SAML app

Configure the app

Steps 1 and 2

Fill out the App details in 'Step 1' and then copy the SSO URL and Certificate from 'Step 2':

Google Admin: step 2 of SAML app setup with SSO URL and Certificate

into the SSO configuration panel in WeTransfer:

WeTransfer SSO configuration page with Entity ID and ACS URL

Step 3

Next, copy the Entity ID and ACS URL from the WeTransfer SSO configuration panel shown in the picture above into the corresponding fields in Google Admin. Check the 'Signed response' checkbox and select 'EMAIL' in the 'Name ID format' field. Lastly, make sure that the 'Name ID' field is set to 'Basic Information > Primary email'. The final configuration should look like the image below:

Google Admin: step 3 SAML setup with Entity ID, ACS URL, Name ID format

Step 4

You can skip this step and press 'Finish' in the bottom-right corner to save the configuration.

Assign users to the new SAML app

By default, no users are assigned to the app and no authentication through Google is required. To change this, open the configuration page of the newly created app from the 'Web and mobile apps' menu and press the 'View details' button in the 'User access' section:

Google Admin: configuration page for SAML app with User access section

From there, you can configure each organizational unit (or all of them) to use the app by setting the 'Service status' to 'ON for everyone'.

Ask your WeTransfer contact to add and verify your domains

To enable SSO for your team, you must first coordinate with your WeTransfer contact to add and verify your organizational domains. Please note that only non-admin members with email addresses belonging to these verified domains (or their subdomains) will be authorized to log in via SSO. As part of this process, you may be required to perform a DNS verification using a TXT record. You can track the status of your domains in the 'Claimed domains' section, located directly below the 'SSO' section.

Test the configuration

That should be enough! From now on, all non-admin members of your team will be redirected to Google to log in. You can also test the configuration by pressing the 'Test SAML login' button on the app configuration page.
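
If a test login fails, it can help to compare the SAML response Google sends against the settings from Step 3 and the claimed domains. The script below is an added example, not WeTransfer or Google code: it takes the already base64-decoded response XML and lists any mismatches. The Entity ID, ACS URL, domain and sample response are constructed placeholders, and the script only checks that a response-level signature is present; it does not verify the signature.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def in_claimed_domain(email, claimed):
    """True if the address is in a claimed domain or one of its subdomains."""
    local, at, domain = email.strip().lower().rpartition("@")
    if not (local and at):
        return False
    return any(domain == d or domain.endswith("." + d) for d in claimed)

def check_response(xml_text, entity_id, acs_url, claimed_domains):
    """List mismatches between a decoded SAML response and the setup above."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != acs_url:
        problems.append("Destination does not match the ACS URL")
    # Presence check only: 'Signed response' puts ds:Signature on the Response.
    if root.find("ds:Signature", NS) is None:
        problems.append("response is not signed")
    audience = root.find(".//saml:Audience", NS)
    if audience is None or (audience.text or "").strip() != entity_id:
        problems.append("Audience does not match the Entity ID")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None:
        problems.append("no NameID in the assertion")
    else:
        if name_id.get("Format") != EMAIL_FORMAT:
            problems.append("Name ID format is not EMAIL")
        if not in_claimed_domain(name_id.text or "", claimed_domains):
            problems.append("Name ID is outside the claimed domains")
    return problems

# Constructed sample: placeholder values, empty placeholder signature element.
ENTITY_ID = "https://sp.example.invalid/entity"
ACS_URL = "https://sp.example.invalid/acs"
SAMPLE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    xmlns:ds="{NS['ds']}" Destination="{ACS_URL}">
  <ds:Signature/>
  <saml:Assertion><saml:Subject>
    <saml:NameID Format="{EMAIL_FORMAT}">alice@mail.example.com</saml:NameID>
  </saml:Subject><saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>{ENTITY_ID}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions></saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    print(check_response(SAMPLE, ENTITY_ID, ACS_URL, ["example.com"]) or "OK")
```

An empty result means the response matches the configuration described in this article.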

Questions?

Contact your account manager for any questions. If you're not yet an Enterprise customer, click the button to submit an enquiry.