Skip to main content
Jaapi

Identity & SSO

Google Workspace + Jaapi

Let employees sign in to your swag store with their Google Workspace account. One click, no new passwords, and accounts validated against your company domain. SAML is available for centralized policy control.

Get a demo

Yes, Jaapi works with Google Workspace out of the box. Employees click “Sign in with Google” on your store, pick their work account, and they’re in — no new password, no invitation email to dig up. Accounts are validated against your allowed email domain, so only people at your company get access.

How does Google sign-in work on a Jaapi store?

Google sign-in is built into every Jaapi store and needs no configuration on your side. When an employee signs in with their Google work account, the store checks the email domain against your allowlist and creates or opens their account accordingly. Someone leaving the company loses store access when your Google Workspace admin suspends their account, since they can no longer complete the sign-in.

There’s nothing to install in the Google Admin console for this route — it uses Google’s standard sign-in, the same one your team already trusts for other tools.

Can I use SAML with Google Workspace instead?

Yes. If your IT team prefers centralized control — conditional access, explicit app assignment, sign-in visible in the Workspace audit log — Google Workspace can act as a SAML 2.0 identity provider for your store. You add a custom SAML app in the Google Admin console with the store’s identifier and ACS URL, and exchange metadata with us. That path takes an IT admin about ten minutes, guided by your store’s SSO setup docs.

For most teams, the built-in Google sign-in is the right choice: it’s zero setup and covers the common case. Pick SAML when policy requires it.

Does this handle provisioning too?

Sign-in and provisioning are separate concerns. Google sign-in creates accounts as people first use the store (validated against your domain), which suits most teams. If you want accounts created and deactivated centrally instead, pair SSO with SCIM provisioning from an identity provider, or with an HRIS sync when HR data should also drive credit and gifting rules. All three combine without conflict.

Is it secure?

Yes. Authentication happens entirely with Google — Jaapi never sees or stores a password. New accounts are validated against your allowed email domain, sessions expire automatically, and sign-ins are audit-logged. Jaapi AB is ISO 27001:2022 certified, GDPR compliant, and hosts all data in the EU.

Custom branded tumblers

Ready to send your global team swag they actually want?

Book a demo and we'll show you a store your team will actually be excited about. Quality branded items, made on demand, delivered locally. No warehouse, no customs drama.

Get a demo