Google

This article describes how to configure SAML login to GitProtect with Google as the identity provider.

General requirements and limitations

Logging into GitProtect using SAML-integrated identity providers should be initiated from the GitProtect panel.

Do not log in from the IdP panel (e.g. from the Auth0 panel) to the application defined for GitProtect.

Do not test the integration from the IdP panel (e.g., from the Azure panel), as this will initiate a login from the IdP panel.

To set up SAML-based SSO with a custom application not in the pre-integrated catalog, follow the steps below.

On the App Details page:

  • Enter the name of the custom app.

  • (Optional) Upload an app icon. The app icon appears on the Web and mobile apps list, on the app settings page, and in the app launcher. If you don't upload an icon, an icon is created using the first two letters of the app name.

Click Continue.

On the Google Identity Provider details page, get the setup information needed by the service provider using one of these options:

Download the IdP metadata file.

Copy the downloaded file to your web server and save the URL. This URL will be needed for configuration of GitProtect.

Click Continue.

In the Service Provider Details window, enter:

  • ACS URL: The service provider's Assertion Consumer Service URL, which receives the SAML response. It must start with https://GitProtectManagementServiceURL/Auth/AssertionConsumerService, where GitProtectManagementServiceURL is the URL address of your GitProtect Management Service.

  • Entity ID: This is a globally unique name that the service provider gives you.

  • Start URL: (Optional) This is used to set the RelayState parameter in a SAML Request, which can be a URL to redirect to after authentication.

The service provider supplies all these values.

Click Continue, and on the next page click Finish.

Turn on your SAML app

  1. In your Google Admin console (at admin.google.com)...

  2. Select your SAML app.

  3. Click User access.

  4. To turn a service on or off for everyone in your organization, click On for everyone or Off for everyone, and then click Save.

GitProtect side

Log into the GitProtect Web panel, go to the Settings tab and open the External Identity Providers section. Click the Add new provider button and fill in the details.

First, enter the Name, which is your own custom name (e.g. Google), then the Entity ID, which in this example is SAMLGOOGLE (the application name that we’ve set on the Google side).

Next, type the link to the metadata file into the Metadata URL field.

Set up a default Language and Role for the users with proper permissions and it's done! You can now log out of your account and test the configuration with your configured integration.
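A pre-flight check for the values entered above, as an added example that is not part of GitProtect's or Google's own tooling: it parses the downloaded IdP metadata file and checks the ACS URL prefix and the Metadata URL. The function names, the sample metadata, the example.test hosts and the HTTPS check on the Metadata URL are assumptions of this example; the metadata carries the IdP signing certificate, so it is worth serving over HTTPS.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
ACS_PATH = "/Auth/AssertionConsumerService"  # path given in this article

# Constructed sample metadata: entityID, endpoint and certificate are placeholders.
SAMPLE = b"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test/saml2?idpid=CONSTRUCTED">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>Q09OU1RSVUNURUQ=</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/saml2/idp?idpid=CONSTRUCTED"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def check_idp_metadata(xml_bytes):
    """Return (entity_id, problems) for an IdP metadata file before it is hosted."""
    if b"<!DOCTYPE" in xml_bytes:  # SAML metadata needs no DTD; refuse entity tricks
        raise ValueError("DOCTYPE not allowed in SAML metadata")
    root = ET.fromstring(xml_bytes)
    idp = root.find(f"{{{MD}}}IDPSSODescriptor")
    if root.tag != f"{{{MD}}}EntityDescriptor" or idp is None:
        raise ValueError("not SAML IdP metadata")
    problems = []
    for sso in idp.findall(f"{{{MD}}}SingleSignOnService"):
        if urlsplit(sso.get("Location", "")).scheme != "https":
            problems.append("SSO endpoint is not HTTPS: " + sso.get("Location", ""))
    # A KeyDescriptor without a 'use' attribute serves both signing and encryption.
    certs = ["".join((c.text or "").split())
             for kd in idp.findall(f"{{{MD}}}KeyDescriptor") if kd.get("use") in (None, "signing")
             for c in kd.iter(f"{{{DS}}}X509Certificate")]
    if not certs or not all(certs):
        problems.append("missing or empty signing certificate")
    return root.get("entityID"), problems

def check_urls(acs_url, metadata_url, management_service_url):
    """Check the ACS URL prefix from this article and the hosted Metadata URL."""
    problems = []
    if not acs_url.startswith(management_service_url.rstrip("/") + ACS_PATH):
        problems.append("ACS URL does not start with <Management Service URL>" + ACS_PATH)
    for name, url in (("ACS URL", acs_url), ("Metadata URL", metadata_url)):
        if urlsplit(url).scheme != "https":
            problems.append(name + " is not HTTPS")
    return problems
```

The certificate check only confirms that a signing certificate is present; it does not validate the certificate itself.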

You can read more about Roles in GitProtect in the following article:

Roles and permissions
