Authenticate with Google (Google SSO)
Who can use this feature
Available on the Organization and Enterprise plans
Only organization admins can configure SSO.
If you are using Google Workspaces to manage your company email, you have two approaches available for authentication.
- Google SSO: Use Google's traditional single sign on (SSO) process. This allows members to log in using their Google managed email address and password.
- Google SAML SSO: If you use SAML and SCIM with Google Workspace, you can set up a custom SAML SSO configuration with Figma.
Google SSO and SAML SSO only to members of the organization. Guests can log in with their external email address and a password.
Google SSO
You can enable Google SSO in your Figma Organization under Admin > Settings > Login and provisioning > Authentication . Members must use the Log in with Google option to log in using their Google-managed company email and password.
- Select Members must sign in with a Google Account to make Google SSO mandatory.
- Select Members may log in with any method, including email and password to make Google SSO optional.
Note: You can disable this requirement at any time, if required. Return to this page and select Members may sign in with any available method, including email and password instead. You will need to update your authentication method to this setting, if you want make changes to your SAML SSO or SCIM settings.
Google SAML SSO
Google also supports SAML SSO and SCIM configurations for Figma, allowing more advanced authentication and user management features. To use Google SAML SSO and SCIM with Figma, you will need to:
- Set up a custom app for Figma in GSuite
- Make SAML SSO required
- Set up a custom SAML configuration in Figma
Note: We've heard that there can be delays when setting up a custom SAML SSO app with Google. If you see a "Not a SAML app" error, or similar, we recommend trying again in a few hours. Google has some recommendations for common errors: Troubleshoot single sign-on (SSO).
Google SAML SSO and SCIM integration
You can configure SAML SSO for Figma using the SAML 2.0 standard. To configure SAML SSO for Figma:
Set up Google as a SAML identity provider
- Sign in to the Google Admin console as a super administrator.
- Go to Menu > Apps > Web and mobile apps, then click Add app.
- Search for "Figma" and select Figma Web (SAML) from the results.
- Copy the SSO URL, Entity ID, and download the certificate from the Google Identity Provider details.
- Leave the Google Admin console open.
Set up Figma as a SAML service provider
- In Figma, sign in as an administrator.
- Go to Admin > Settings > Login and provisioning > Authentication and select Members must log in with SAML SSO.
- Paste the Entity ID and SSO URL.
- Upload the certificate from the Google Identity Provider details.
- Complete the configuration and click Configure SAML SSO.
Learn more in our Guide to SAML SSO.
Complete the configuration in the Google Admin console
- Return to the Google Admin console and enter the details from Figma (ACS URL, Entity ID, and Tenant ID).
- Map Google directory attributes to Figma attributes (e.g., familyName, givenName, email).
- Complete the setup by turning on SSO for your users.
Set up user provisioning (SCIM)
- In Figma, go to Admin > Settings > Login and provisioning > SCIM provisioning and generate an API token.
- Return to the Google Admin console and configure autoprovisioning using the API token and tenant ID from Figma.
- Map the required user attributes and decide how long users have access after their account is suspended or deleted.
- Turn on autoprovisioning for your users.
Note: If you encounter delays or errors when setting up SAML SSO with Google, such as a "Not a SAML app" error, we recommend trying again after a few hours. You can also refer to Google's troubleshooting guide for common SSO issues.