Single Sign-On with Google
Set up Single Sign-On with Google
Last updated
Was this helpful?
Set up Single Sign-On with Google
Last updated
Was this helpful?
In the Platform sidebar, click on your user, then click Admin Settings. Switch to the Single sign-on tab.
In the Base URL field, enter the https URL for your platform installation and click Submit. This will generally match the value in your browser. It should be the domain or subdomain you host CloudQuery platform on, like https://cloudquery.example.com:
In a new tab, open https://admin.google.com/
Click Apps → Web and mobile apps → Add app → Add custom SAML app
In the App Name field, enter a name to identify your application with. CloudQuery is a good choice in most cases.
(Optional) Enter a description
Click Continue
On the next page, click Download Metadata:
This will download an GoogleIDPMetadata.xml file onto your drive. Click Continue.
Upload the XML metadata file in the CloudQuery admin panel by clicking Upload metadata file:
Back in the Google Admin interface, enter the value for ACS URL and Entity ID. These values can be copy-pasted from the CloudQuery Platform Admin page:
Copy these values into the highlighted fields:
When done, click Continue on the Google page.
Next, enter some basic attribute mapping information:
First name → first_name
Last name → last_name
Primary email → email
On the same screen, we need to configure which members, if any, will be granted admin access to CloudQuery Platform.
Admin write access allows users to set up and modify syncs, create API keys, add and remove users, and perform other sensitive actions. By default, users that log in via SSO will be granted normal permissions, not admin permissions.
You may want to configure your application so that a specific Google group automatically gets admin permissions. In the example below, we have configured it so that the team-cloud group automatically gets assigned admin. In the CloudQuery admin panel, make sure you set the admin group key to the same value as the app attribute in Google.
Enter exact Google group name and app attribute in the CloudQuery admin panel as well:
When you're done, click Continue in the Google UI.
It is possible to give all users admin rights, if you wish. Do this by selecting All Company (or similar) in your Google setup, and type the exact same string in the Admin group value field in the CloudQuery UI.
Now, click on the User access section.
Select ON for everyone. Then click SAVE.
Click Save and enable on the CloudQuery admin page:
On the Google Admin page, click TEST SAML LOGIN.
If everything is set up correctly, you should now be logged into CloudQuery Platform with your Google account.
(Optional) Provide an App icon for your users. You can use this icon: (Right-click on the image → Save Image As... → Save to your drive. Then upload it in the Google interface.)
