Use this guide to configure your G Suite as a single sign-on Identifier Provider (IdP) for your Skeddly account.
Step 1: Get the SAML metadata from your G Suite account
1. Sign-in to your domain administrator for your G Suite account and navigate to https://admin.google.com
2. From the main Admin menu, expand "Security" then click on "Settings".
3. On the "Security" page, scroll down to the action called "Set-up single sign-on (SSO) for SAML applications".
4. Expand that section by clicking on the title or the "down arrow".
5. Scroll down to the "IdP metadata" section and click on the "Download Metadata" button.
An XML file should be downloaded to your computer. Keep track of this file, you'll need it for the next step.
Step 2: Create a Skeddly Identity Provider
Follow these instructions to create an Identity Provider in your Skeddly account. When creating your Identity Provider, upload the metadata XML file you downloaded from G Suite in step 1.
Make note of the following 2 pieces of information:
The SRN of your Skeddly Identity Provider
The SRN of one Skeddly Managed Policy that you will apply to your user
Step 3: Add the Skeddly SAML attributes to your G Suite user profile
The first task before setting up the SAML app in your Google Apps account is to add the SAML attributes that Skeddly expects in order to allow a SAML-based authentication to take place. You must add the following SAML attribute:
When configuring your SAML app in your Google Apps account, you will be prompted to provide attribute mappings from your Google Apps user profile. This includes details such as Skeddly Managed Policies available to the user and your Skeddly Identity Provider SRN. First, add these details as custom fields to the G Suite user profile.
1. In the G Suite admin panel, go to the Users list. From the main admin menu, expand "Directory" then click on "Users".
2. On the "Users" page, click on the "More" dropdown menu, and select "Manage custom attributes".
3. Click on the "Add custom attribute" button. On the form that appears, fill in the following information:
Category: SSO
Description: (you may leave this blank)
Custom Field Name: Skeddly Roles (you can change this if you want)
Custom Field Info Type: Text
Custom Field Visibility: Visible to user and admin
Custom Field No. of Values: Multi-value
4. Click the "Add" button.
Step 4: Set up the SAML app in G Suite
1. In the G Suite admin panel, from the main menu, expand "Apps" then click on "Web and mobile apps"
2. From the "Add App" dropdown menu, click on "Add custom SAML app". You will presented with a wizard to create the new app.
3. On the "App details" page, populate the following information:
App name: Skeddly
Click "Continue".
4. On the "Google Identity Provider details" page, you have already downloaded the IdP metadata.
Click the "Continue" button.
5. On the "Service provider details" page, populate the following information:
ACS URL:
https://app.skeddly.com/sso/saml/
Entity ID:
https://app.skeddly.com/
Signed Response:
Yes
Name ID Format:
Email
Name ID:
Basic Information > Email Address
Click "Continue".
6. On the "Attribute mapping" page, click the "Add Mapping" button. Populate the following information:
Google Directory attributes: SSO -> Skeddly Roles
App attributes:
https://skeddly.com/SAML/Attributes/Roles
Click "Continue".
Step 5: Grant user access
When you create the SAML app, by default it is turned off. This means that for users logged in to their G Suite account, the SAML app will not be visible to them.
To turn on the SAML app for Skeddly:
1. Expand the "User access" section
2. Select "ON for everyone"
3. Click "Save"
Once done, "Skeddly" should appear in the "Google apps" panel for your users.
Step 6: Add Skeddly Roles to Users
For each user that requires access to Skeddly, do the following.
1. Find that user in the G Suite users directory. Click their name.
2. Expand the "User information" section.
3. Scroll down to the "SSO" section, and click the pencil icon.
4. In the "Skeddly Roles" field, put the Skeddly Identity Provider's SRN, followed by a comma (,), followed by the SRN of the Skeddly Managed Policy that the user should have when signed in to Skeddly.
5. Click "Save".