Identity Provider: Google
Prerequisites
1. A user who has the Super Administrator role in Google, to create applications and assign people to applications.
2. A user who has completed registration at https://www.enterprisedb.com/accounts/register/biganimal and can log in to the BigAnimal portal (switch to the correct organization if applicable).
3. Verify a domain. This may require engaging the customer's IT team to add a TXT record. For detailed steps, see: Add a domain
Set up BigAnimal with Google Workspace's identity provider
- Log in to the BigAnimal portal with your EDB Account, then go to 'Settings' -> 'Identity Provider' by clicking Profile (upper-right corner).
- In a separate browser tab or window, log in to the Google Workspace Admin console.
- Select Applications, and then select Web and mobile apps.
- Select Add App, and then select Add custom SAML app.
- On the App Details page, enter a name for your application.
- Select Continue.
- On the Google Identity Provider details page, note the Single Sign-On (SSO) URL and Entity ID, and download the (signature) certificate (or SHA-256 fingerprint). You will need this information and the file while configuring BigAnimal later in this procedure.
- Select Continue.
- The Service Provider Details page opens.
- Switch to the BigAnimal browser tab.
Copy and paste the following information from the Connection Info tab on the Set Up Identity Provider page to the Service Provider Details tab in Google:

| Copy from BigAnimal | Paste in Google |
| --- | --- |
| Audience URI | Entity ID |
| Assertion Consumer Service URL | ACS URL |

- Switch to the BigAnimal browser tab.
- Switch to the Google Admin console tab.
- Check the Signed Response box so that the entire SAML authentication response is signed.
- From the Name ID format menu, select EMAIL. From the Name ID menu, select Primary email.
- Select Continue.
- On the Attribute mapping page, select Add another mapping to map additional attributes.
- Under Google Directory attributes, use the Select field menu to choose the following field names and enter the corresponding App attributes.

| Google Directory Attributes | App attributes | Note |
| --- | --- | --- |
| Primary email | <assertion_path>/emailaddress | Required claim |
| First Name | <assertion_path>/givenname | Additional claim |
| Last Name | <assertion_path>/surname | Additional claim |

Where <assertion_path> is http://schemas.xmlsoap.org/ws/2005/05/identity/claims.
- Click Finish.
- By default, SAML Apps are turned off for everyone.
- Select your SAML app and select User access to assign people or groups to the newly created application. If you need to sign into BigAnimal, be sure to assign yourself.
- Switch to the BigAnimal browser tab. On the Setup Config tab on the Set Up Identity Provider page:
a. Paste the Identity Provider Single Sign-on URL you copied from Google into the Single Sign-On URL field.
b. For Identity Provider Signature Certificate, upload the (signature) certificate downloaded from Google.
c. Select the appropriate method for Request Binding. BigAnimal supports HTTP-POST, HTTP-Redirect, and Hybrid.
d. Select the appropriate value for Response Signature Algorithm. BigAnimal supports rsa-sha256 and rsa-sha1.
e. Select Test Connection. If the connection is successful, select Sign in to BigAnimal to complete the setup process in the BigAnimal portal.
- After the IdP is set up, you need to change how you log in: enter your email address as the BigAnimal Account to log in to the portal instead of clicking EDB Account.