1. Sign in to the Google Admin console.
2. Click Security > Set up single sign-on (SSO).
3 Check the Setup SSO with third party identity provider box.
4 Enter the appropriate URLs to set up the third-party Identity Provider (IdP).
5. Upload your verification certificate.
The certificate file must contain the public key so that Google can verify sign-in requests.
6. Optionally, check the Use a domain-specific issuer box to enable a domain-specific issuer. If you enable this feature, Google sends an issuer specific to your domain, google.com/a/your_domain.com, where your_domain.com is replaced with your actual domain name.
If you don't check the box to enable a domain-specific issuer when you set up SSO, Google sends the standard issuer, google.com, in the SAML request.