CloudQuery Platform
  • Introduction
    • Welcome to CloudQuery Platform
    • Getting Help
  • Quickstart
    • Creating a New Account
    • Platform Activation
  • Core Concepts
    • Integrations
    • Syncs
    • Filters & Queries
    • SQL Console
    • Reports
  • Integration Guides
    • Setting up an AWS Integration
    • Setting up an AWS Cost and Usage Integration
    • Setting up a GCP Integration
    • Setting up an Azure Integration
    • Setting up a GitHub Integration
    • Setting up a K8s Integration
      • Using AWS EKS
      • Using Azure AKS
      • Using GCP GKE
    • General Integration Setup Guide
    • General Destination Setup Guide
  • Syncs
    • Setting up a Sync
    • Monitoring Sync Status
  • Cloud insights
    • From cloud asset inventory to insights
      • Security-focused queries
      • Compliance-focused queries
      • FinOps-focused queries
  • Production Deployment
    • Enabling Single Sign-on (SSO)
      • Single Sign-On with Google
      • Single Sign-On with Microsoft
      • Single Sign-On with Okta
  • User Management
    • Platform Roles Overview
    • Workspace Roles Overview
  • Advanced Topics
    • Custom Columns
    • Understanding Platform Views
    • Performance Tuning
  • Reference
    • Search & Filter Query Syntax
  • API Reference
  • CLI Docs
  • CloudQuery Hub
Powered by GitBook
On this page
  • Step 1: Set the Base URL
  • Step 2: Create a SAML app in Google Admin
  • Step 3: Complete App Details
  • Step 4: Download & Upload Metadata
  • Step 5: Enter ACS URL and Entity ID
  • Step 6: Set Attribute Mappings
  • Step 7: Configure Group Membership
  • Step 7: Enable User Access
  • Step 8: Save and Test

Was this helpful?

  1. Production Deployment
  2. Enabling Single Sign-on (SSO)

Single Sign-On with Google

Set up Single Sign-On with Google

PreviousEnabling Single Sign-on (SSO)NextSingle Sign-On with Microsoft

Last updated 3 months ago

Was this helpful?

Step 1: Set the Base URL

  1. In the Platform sidebar, click on your user, then click Admin Settings. Switch to the Single sign-on tab.

  2. In the Base URL field, enter the https URL for your platform installation and click Submit. This will generally match the value in your browser. It should be the domain or subdomain you host CloudQuery platform on, like https://cloudquery.example.com:

Step 2: Create a SAML app in Google Admin

  1. Click Apps → Web and mobile apps → Add app → Add custom SAML app

Step 3: Complete App Details

  1. In the App Name field, enter a name to identify your application with. CloudQuery is a good choice in most cases.

  2. (Optional) Enter a description

  3. Click Continue

Step 4: Download & Upload Metadata

  1. On the next page, click Download Metadata:

This will download an GoogleIDPMetadata.xml file onto your drive. Click Continue.

  1. Upload the XML metadata file in the CloudQuery admin panel by clicking Upload metadata file:

Step 5: Enter ACS URL and Entity ID

Back in the Google Admin interface, enter the value for ACS URL and Entity ID. These values can be copy-pasted from the CloudQuery Platform Admin page:

Copy these values into the highlighted fields:

When done, click Continue on the Google page.

Step 6: Set Attribute Mappings

Next, enter some basic attribute mapping information:

  1. First name → first_name

  2. Last name → last_name

  3. Primary email → email

Step 7: Configure Group Membership

On the same screen, we need to configure which members, if any, will be granted admin access to CloudQuery Platform.

Admin write access allows users to set up and modify syncs, create API keys, add and remove users, and perform other sensitive actions. By default, users that log in via SSO will be granted normal permissions, not admin permissions.

You may want to configure your application so that a specific Google group automatically gets admin permissions. In the example below, we have configured it so that the team-cloud group automatically gets assigned admin. In the CloudQuery admin panel, make sure you set the admin group key to the same value as the app attribute in Google.

Enter exact Google group name and app attribute in the CloudQuery admin panel as well:

When you're done, click Continue in the Google UI.

Please note that at this time, only a single group value is supported. If you wish to have multiple groups map to admins in CloudQuery, we recommend you create a parent group for this purpose.

It is possible to give all users admin rights, if you wish. Do this by selecting All Company (or similar) in your Google setup, and type the exact same string in the Admin group value field in the CloudQuery UI.

Step 7: Enable User Access

Now, click on the User access section.

The entire User access block is clickable

Select ON for everyone. Then click SAVE.

Though not covered in this guide, you can also specify which users in your organization should have access by only turning it on for certain groups.

Step 8: Save and Test

Click Save and enable on the CloudQuery admin page:

On the Google Admin page, click TEST SAML LOGIN.

If everything is set up correctly, you should now be logged into CloudQuery Platform with your Google account.

In a new tab, open

(Optional) Provide an App icon for your users. You can use this icon: (Right-click on the image → Save Image As... → Save to your drive. Then upload it in the Google interface.)

https://admin.google.com/