SAML with Google¶

Here are the steps to integrate SAML to Faraday using Google:

Step 1: Navigate to Google admin website.

Step 2: Sign in using an account with super administrator privileges.

Step 3: In the Admin console go to Menu → Apps → Web and mobile apps.

Step 4: Click Add app → Add custom SAML app.

Step 5: On the App Details page: * Enter the name of the custom app. * (Optional) Upload an app icon.

Then click Continue.

Step 6: From the Google Identity Provider details page copy the SSO URL, the Entity ID (Identity ID on Faraday's SAML configuration) and the IDP Certificate. Paste them on Faraday's SAML configuration.

Click on Continue.

Step 7: Run this command at a Terminal:

openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 1825 -out certificate.pem

This command will return a key that goes into SP Private Key field and a certificate that goes into SP Certificate field on Faraday's SAML configuration.

Step 8: In the Service Provider Details, enter an ASC URL, Entity ID and Start URL with following format: * ASC URL: https:///_api/saml/acs * Entity ID: https:///_api/saml/metadata.xml * Start URL: https:///_api/saml/login

Finally, check the Signed response checkbox. Then configure your Name ID and click Continue.

Step 9: In Attributes mapping page you should select Primary email and define the App attribute as username.

Then click Finish.

Step 10: In the Admin console go to Menu → Apps → Web and mobile apps. Select your SAML app and click User access.

Step 11: To turn on the service for everyone in your organization, click On for everyone, and then click Save.

For more information about configuring a custom SAML app in Google, please visit their support page about this topic.