Set up Google SSO

Create custom SAML Application

In the Google admin portal navigate to Apps -> Web and mobile apps -> Add app -> Add custom SAML app.

App details

Once there choose a name for the app and optionally a description and icon. Click on Continue

Google Identity Provider details

In the next step, you will see the SSO URL, Entity ID and Certificate. From these values, save the SSO URL and Certificate that we will need later. Click Continue.

Service provider details

In the next step, set the necessary information and save it for later.

• For the Entity ID you can put in any easily identifiable name.

• For the ACS URL put the address of your server (API) container with "/saml/callback" following.

  • example: "https://api.sandbox.decisionrules.io/saml/callback"

• For the Name ID format choose EMAIL

• For the Name ID choose Basic Information > Primary email

Click Continue.

Attribute mapping

Leave as is, no need to set anything up.

Environment Variables

These are the environment variables you will have to provide to your server container. These environment variables are from previous steps. Alternatively, you can find them in the application details in the Service provider details and Manage certificates in this section

• SAML_ISSUER - Entity ID

• SAML_CALLBACK_URL - ACS URL

• SAML_CERT - Certificate

• SAML_ENTRY_POINT - SSO URL

Adding Groups

In the created custom SAML application click on User Access.

• Click on Groups

• Search for a group a click on it.

• Change Service status to ON.

You can find more basic information with examples here: Setup Single Sign-On (SSO)