Google Workspace

Integrating Google with env0 as a SAML provider

Introduction

This guide details the steps required to integrate Google Workspace as a SAML provider for your env0 organization. The current implementation is used for authentication only: you define your users in your Google Workspace account to give them access to your env0 organization. You can also add env0 as an application in your user application dashboard.

Steps

  1. Log in to your Google Workspace admin dashboard - https://admin.google.com
  2. Go to Apps > Web and mobile apps
  3. Under the Add app button dropdown, select Add custom SAML app
  4. Give the app a name, set the app icon, and click on the Continue button
App Details

  5. Copy the SSO URL, Entity ID and download the certificate. You will need to send those over to env0 so we can set up the SAML on our side. Then click on the Continue button
  6. In the ACS URL enter the following: https://login.app.env0.com/login/callback?connection=YOUR_ENV0_ORG_ID
  7. In the Entity ID enter urn:auth0:env0:{YOUR_ENV0_ORG_ID}
  8. Check the Signed Response checkbox
  9. In the Name ID format choose Unspecified
  10. In the Name ID, choose Basic Information and Primary Email
  11. Click on the Continue button
  12. In the Attributes add the following:
      | Google Directory attributes | App attributes |
      | Primary email               | email          |
      | First Name                  | firstName      |
      | Last Name                   | lastName       |
Attributes Mapping

  13. In the Group membership add any Groups you would like to sync with env0, and in the App attribute enter teams

Groups Syncing

Groups will be synced each time a user logs in, with the following logic:

  1. env0 will create a new team if one doesn't exist, based on the group name we received from the SAML provider.
  2. If the team exists in env0 we will not create a new team.
  3. We will assign the user to all the teams in env0 based on the group names he/she is part of in the SAML provider.
  4. If the user was removed from a group in the SAML provider we will remove him/her from the team in env0.
  14. Click on the Finish button
  15. In the User Access, set the user you would like to have access to env0
User Access

  16. Upload the SSO URL, Entity ID, and the Certificate you have downloaded to https://www.env0.com/env0-setup-saml-single-sign-on.
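
The Groups Syncing rules above, modelled as a small reconciliation function so you can see which team memberships one login creates, grants and revokes. This is an added example, not env0's code: the function name, the in-memory `teams` dictionary and the sample addresses are assumptions, and it assumes every team is managed through SAML (the page does not say how manually created teams are handled).

```python
# Added illustration: a model of the group-to-team sync rules, not env0 code.
from dataclasses import dataclass, field


@dataclass
class SyncResult:
    created: set = field(default_factory=set)  # teams created by this login
    joined: set = field(default_factory=set)   # teams the user was added to
    left: set = field(default_factory=set)     # teams the user was removed from


def sync_teams_on_login(teams, user, asserted_groups):
    """Reconcile `teams` (team name -> set of member emails) in place.

    `asserted_groups` holds the values of the SAML `teams` attribute.
    Assumption: every team is treated as SAML-managed, so a team that is
    missing from the assertion means the user leaves it.
    """
    wanted = {g for g in asserted_groups if g}  # drop empties and duplicates
    result = SyncResult()

    for name in sorted(wanted):
        if name not in teams:        # rule 1: create the missing team
            teams[name] = set()
            result.created.add(name)
        # rule 2: an existing team is reused, never duplicated
        if user not in teams[name]:  # rule 3: assign user to each asserted team
            teams[name].add(user)
            result.joined.add(name)

    for name, members in teams.items():
        # rule 4: revoke memberships that the IdP no longer asserts
        if name not in wanted and user in members:
            members.discard(user)
            result.left.add(name)

    return result


if __name__ == "__main__":
    # Constructed sample state and login (not real data).
    teams = {
        "platform": {"ana@example.com"},
        "finance": {"ana@example.com", "bo@example.com"},
    }
    print(sync_teams_on_login(teams, "ana@example.com", ["platform", "sre"]))
    print(teams)
```

Because the group name alone decides team membership, review who can create or rename the Google groups you map to the teams attribute.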