Set up Google SSO

Article to help you setup an Googgle SAML application for use with DecisionRules.

Create custom SAML Application

In the Google admin portal navigate to Apps -> Web and mobile apps -> Add app -> Add custom SAML app.

App details

Once there choose a name for the app and optionally a description and icon. Click on Continue

Google Identity Provider details

In the next step, you will see the SSO URL, Entity ID and Certificate. From these values, save the SSO URL and Certificate that we will need later. Click Continue.

Service provider details

In the next step, set the necessary information and save it for later.

For the Entity ID you can put in any easily identifiable name.
For the ACS URL put the address of your server (API) container with "/saml/callback" following.
- example: "https://api.sandbox.decisionrules.io/saml/callback"
For the Name ID format choose EMAIL
For the Name ID choose Basic Information > Primary email

Click Continue.

Attribute mapping

Leave as is, no need to set anything up.

Environment Variables

These are the environment variables you will have to provide to your server container. These environment variables are from previous steps. Alternatively, you can find them in the application details in the Service provider details and Manage certificates in this section

SAML_ISSUER - Entity ID
SAML_CALLBACK_URL - ACS URL
SAML_CERT - Certificate
SAML_ENTRY_POINT - SSO URL

The SAML_CERT has to be provided as a single line argument without the

------ BEGIN/END Certificate ------

More about SSO Environment variables here.

Adding Groups

In the created custom SAML application click on User Access.

Click on Groups
Search for a group a click on it.
Change Service status to ON.

You can find more basic information with examples here: Setup Single Sign-On (SSO)

Last updated 29 days ago