Use this guide to configure your G Suite as a single sign-on Identifier Provider (IdP) for your Skeddly account. 

1. Sign-in to your domain administrator for your G Suite account and navigate to https://admin.google.com

2. From the main Admin menu, expand "Security" then click on "Settings".

3. On the "Security" page, scroll down to the action called "Set-up single sign-on (SSO) for SAML applications".

4. Expand that section by clicking on the title or the "down arrow".

5. Scroll down to the "IdP metadata" section and click on the "Download Metadata" button.

An XML file should be downloaded to your computer. Keep track of this file, you'll need it for the next step.

Follow these instructions to create an Identity Provider in your Skeddly account. When creating your Identity Provider, upload the metadata XML file you downloaded from G Suite in step 1.

Make note of the following 2 pieces of information:

The first task before setting up the SAML app in your Google Apps account is to add the SAML attributes that Skeddly expects in order to allow a SAML-based authentication to take place. You must add the following SAML attribute:

When configuring your SAML app in your Google Apps account, you will be prompted to provide attribute mappings from your Google Apps user profile. This includes details such as Skeddly Managed Policies available to the user and your Skeddly Identity Provider SRN. First, add these details as custom fields to the G Suite user profile.

1. In the G Suite admin panel, go to the Users list. From the main admin menu, expand "Directory" then click on "Users".

2. On the "Users" page, click on the "More" dropdown menu, and select "Manage custom attributes".

3. Click on the "Add custom attribute" button. On the form that appears, fill in the following information:

4. Click the "Add" button.

1. In the G Suite admin panel, from the main menu, expand "Apps" then click on "Web and mobile apps"

2. From the "Add App" dropdown menu, click on "Add custom SAML app". You will presented with a wizard to create the new app.

3. On the "App details" page, populate the following information:

Click "Continue".

4. On the "Google Identity Provider details" page, you have already downloaded the IdP metadata.

Click the "Continue" button.

5. On the "Service provider details" page, populate the following information:

Click "Continue".

6. On the "Attribute mapping" page, click the "Add Mapping" button. Populate the following information:

Click "Continue".

When you create the SAML app, by default it is turned off. This means that for users logged in to their G Suite account, the SAML app will not be visible to them.

To turn on the SAML app for Skeddly:

1. Expand the "User access" section

2. Select "ON for everyone"

3. Click "Save"

Once done, "Skeddly" should appear in the "Google apps" panel for your users.

For each user that requires access to Skeddly, do the following.

1. Find that user in the G Suite users directory. Click their name.

2. Expand the "User information" section.

3. Scroll down to the "SSO" section, and click the pencil icon.

4. In the "Skeddly Roles" field, put the Skeddly Identity Provider's SRN, followed by a comma (,), followed by the SRN of the Skeddly Managed Policy that the user should have when signed in to Skeddly.

5. Click "Save".