Google Workspace
Integrating Google with env0 as a SAML provider
Introduction
This guide details the steps required to integrate Google Workspace as a SAML provider for your env0 organization. The current implementation is used for authentication only: you define your users in your Google Workspace account to give them access to your env0 organization. You can also add env0 as an application in your user application dashboard.
Steps
- Log in to your Google Workspace admin dashboard - https://admin.google.com
- Go to Apps > Web and mobile apps
- Under the Add app button dropdown, select Add custom SAML app
- Give the app a name, set the app icon, and click on the Continue button
- Copy the SSO URL and Entity ID, and download the certificate. You will need to send those over to env0 so we can set up the SAML on our side. Then click on the Continue button
- In the ACS URL enter the following: https://login.app.env0.com/login/callback?connection=YOUR_ENV0_ORG_ID
- In the Entity ID enter urn:auth0:env0:{YOUR_ENV0_ORG_ID}
- Check the Signed Response checkbox
- In the Name ID format choose Unspecified
- In the Name ID, choose Basic Information and Primary Email
- Click on the Continue button
- In the Attributes add the following:
Google Directory attributes | App attributes |
---|---|
Primary email | |
First Name | firstName |
Last Name | lastName |
Name | {firstName} {lastName} |
- In the Group membership add any Groups you would like to sync with env0, and in the App attribute enter teams
Groups Syncing
Groups are synced each time a user logs in, with the following logic:
- env0 will create a new team, based on the group name it received from Google Workspace, if one doesn't exist.
- If the team exists in env0, env0 will not create a new team.
- env0 will assign the user to all the teams in env0 based on the group names they are part of in Google Workspace.
- If the user was removed from a group in Google Workspace, env0 will remove them from the team in env0.
- The names of the teams in env0 will be the same as the Group Name (including whitespace) and not the Group Email.
- Click on Finish
- In the User Access set the user you would like to have access to env0
- Upload the SSO URL, Entity ID, and the Certificate you have downloaded to https://www.env0.com/env0-setup-saml-single-sign-on.
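
To confirm the app was configured as described in the steps, you can inspect a decoded SAML response from a test login. The following is an added example, not env0 or Google code: `check_response` and `ORG_ID` are hypothetical names, the sample XML is constructed, and it assumes the response carries the standard SAML 2.0 `Destination` and `Audience` elements.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
ORG_ID = "example-org-id"  # placeholder for YOUR_ENV0_ORG_ID
ACS_URL = f"https://login.app.env0.com/login/callback?connection={ORG_ID}"
ENTITY_ID = f"urn:auth0:env0:{ORG_ID}"

def check_response(xml_text, acs_url=ACS_URL, entity_id=ENTITY_ID):
    """List where a decoded SAML response deviates from the settings in the steps.
    Structural check only: it does not verify the signature cryptographically."""
    root = ET.fromstring(xml_text)
    problems = []
    # "Signed Response" puts a ds:Signature directly under samlp:Response.
    if root.find("ds:Signature", NS) is None:
        problems.append("response is not signed")
    if root.get("Destination") != acs_url:
        problems.append("Destination does not match the ACS URL")
    if entity_id not in [a.text for a in root.iterfind(".//saml:Audience", NS)]:
        problems.append("Audience does not match the Entity ID")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or "@" not in (name_id.text or ""):
        problems.append("NameID is not an email address")
    attrs = {a.get("Name"): [v.text for v in a.iterfind("saml:AttributeValue", NS)]
             for a in root.iterfind(".//saml:Attribute", NS)}
    for required in ("firstName", "lastName", "teams"):
        if not attrs.get(required):
            problems.append(f"missing attribute: {required}")
    return problems

# Constructed sample response (not captured from a real tenant).
SAMPLE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    xmlns:ds="{NS['ds']}" Destination="{ACS_URL}">
  <ds:Signature/>
  <saml:Assertion>
    <saml:Subject><saml:NameID>dev@example.com</saml:NameID></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>{ENTITY_ID}</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="firstName"><saml:AttributeValue>Dev</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="lastName"><saml:AttributeValue>User</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="teams"><saml:AttributeValue>Platform Team</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
if __name__ == "__main__":
    print(check_response(SAMPLE) or "response matches the configured settings")
```

A user who belongs to none of the groups selected under Group membership will also be reported as missing the `teams` attribute.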