Google Workspace

Integrating Google with env0 as a SAML provider

Introduction

This guide will detail the various steps required to integrate Google Workspace as a SAML provider for your env0 organization. The current implementation is used for authentication only, where you define your users in your Google Workspace account to enable them access to your env0 organization. You can also add env0 as an application in your user application dashboard.

Steps

  1. Login to your Google Workspace admin dashboard - https://admin.google.com
  2. Go to Apps > Web and mobile apps
  3. Under the Add app button dropdown select Add custom SAML app
  4. Give the app a name and set the app icon and click on the Continue button
App Details

App Details

  1. Copy the SSO URL, Entity ID and download the certificate. You will need to send those over to env0 so we can set up the SAML on our side. Then click on the Continue button
  1. In the ACS URL enter the following: https://login.app.env0.com/login/callback?connection=YOUR_ENV0_ORG_ID
  2. In the Entity ID enter urn:auth0:env0:{YOUR_ENV0_ORG_ID}
  3. Check the Signed Response checkbox
  4. In the Name ID format choose Unspecified
  5. In the Name ID, choose Basic Information and Primary Email
  6. Click on the Continue button
  7. In the Attributes add the following:
Google Directory attributesApp attributes
Primary emailemail
First NamefirstName
Last NamelastName
Name{firstName} {lastName}
Attributes Mapping

Attributes Mapping

  1. In the Group membership add any Groups you would like to sync with env0, and in the App attribute enter teams

πŸ“˜

Groups Syncing

Groups will be synced each time a user logins with the following logic:

  1. env0 will create a new team if one doesn't exists based on the group name it received from the Google Workspace.
  2. If the team exists in env0, env0 will not create a new team.
    env0 will assign the user to all the teams in env0 based on the group names they are part of in the Google Workspace.
  3. If the user was removed from a group in the Google Workspace, env0 will remove them from the team in env0.
  4. The names of the teams in env0 will be the same as the Group Name (including whitespaces) and not the Group Email.
  1. Click on the Finish
  2. In the User Access set the user you would like to have access to env0
User Access

User Access

  1. Upload the SSO URL, Entity ID, and the Certificate you have downloaded to https://www.env0.com/env0-setup-saml-single-sign-on.