How to Configure SAML 2.0 for Google

Supported Features

  • Identity Provider Initiated Login
  • Just in time user provisioning

Configuration Steps

  1. Sign in to Tiled as an Account Admin
  2. Navigate to Account Settings.
  3. Under General Settings, scroll down to the Auto Provisioning section.
  4. Select a required Default Role and Default Group for new users
    • NOTE: Users who are Just in time Provisioned into the Tiled account will receive the role and group specified in this step.
  5. Check the Enable Auto Provisioning box.

  6. Scroll down to the Saml Settings section.
  7. Input an org domain
    • NOTE: The value entered in this field is used to generate our service provider metadata link as well as our service provider entityID.
  8. Click Update Settings
  9. To build the URL for Tiled's service provider metadata XML, insert the above org domain into the URL structure below:
    https://api.tiled.co/v2/auth/device/google/{ORG DOMAIN}/metadata.xml
    • EXAMPLE: If I set my Org Domain to "saltydog-admin", my resulting metadata URL would be:
      https://api.tiled.co/v2/auth/device/google/saltydog-admin/metadata.xml
    • NOTE: This URL should now resolve to Tiled's service provider metadata. It contains the following items, which you need to complete your setup in Google:
      • entity ID
      • X509 Certificate
      • Assertion Consumer Service URL
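
The three values listed above can be pulled out of the service provider metadata and sanity-checked before they are pasted into Google. This is an added example, not Tiled's code: the sample metadata is constructed, and the HTTPS and HTTP-POST binding checks are assumptions about what the metadata should contain.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample, not real Tiled metadata: the entityID, ACS URL and
# certificate bytes are placeholders. Save the real metadata.xml and pass it in.
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://sp.example.test/saltydog-admin">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>Q09OU1RSVUNURUQt
U0FNUExFLUNFUlQ=</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/saltydog-admin/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def sp_values(metadata_xml):
    """Return entity ID, ACS URL and certificate fingerprint from SP metadata."""
    root = ET.fromstring(metadata_xml)
    entity_id = root.get("entityID")
    if not entity_id:
        raise ValueError("metadata has no entityID")
    # Only accept an ACS endpoint that takes the response over HTTP-POST and TLS.
    acs = [e.get("Location", "")
           for e in root.iterfind(".//md:AssertionConsumerService", NS)
           if e.get("Binding") == POST_BINDING]
    if not acs or not acs[0].startswith("https://"):
        raise ValueError("no HTTPS HTTP-POST AssertionConsumerService found")
    cert = root.find(".//ds:X509Certificate", NS)
    if cert is None or not cert.text:
        raise ValueError("metadata has no X509Certificate")
    der = base64.b64decode("".join(cert.text.split()))  # strip line wrapping
    return {"entity_id": entity_id, "acs_url": acs[0],
            "cert_sha256": hashlib.sha256(der).hexdigest()}

if __name__ == "__main__":
    print(sp_values(SAMPLE_METADATA))
```

Recording the certificate fingerprint at setup time gives you a value to compare against if the metadata is re-fetched later.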

We can now add a new SAML application in Google: 

  1. In your Google Admin console (at admin.google.com)...
  2. Go to SAML Apps

  3. Click Add + at the bottom right
  4. Click Set up my own custom app.
    The Google IDP Information window opens and the SSO URL and Entity ID fields automatically populate.

  5. Use option 2 to Download the IDP metadata

  6. Provide the application a Name, Description and upload a Logo (available here)
  7. Click Next

  8. Copy the entity ID from the Tiled metadata URL that you created in Step 9 above and paste it in the Identifier (entity ID) field
  9. Copy the Assertion Consumer Service from the Tiled metadata URL that you created in Step 9 above and paste it in the Reply URL (Assertion Consumer Service URL) field
  10. Check Signed Response
  11. Click Next

  12. Click Add New Mapping

  13. Create mappings to release the following attributes:
    Application Attribute | Category          | User Field
    email                 | Basic Information | Primary Email
    name                  | Basic Information | First name


  14. Open the Federation Metadata XML saved from Google in Step 5 and paste it into the Identity Provider Metadata XML section of Tiled
  15. Click Update Settings

  16. Click Finish

The configuration is now complete. You can assign users to the application in Azure and use their built-in test feature to verify authentication.

Common Errors

Response Error: {"type":"TypeError","status":500,"message":"Cannot read property '0' of undefined"}}
Potential Fix: Ensure the Additional Claims rules from step 19 are properly sending 'email'