From 6395baa7d68b122a135ba752a9f354146ddfe4ad Mon Sep 17 00:00:00 2001 From: Hassan Khan Date: Tue, 22 Aug 2023 15:36:17 +0100 Subject: [PATCH] docs(product): add guide for single sign-on with Google Workspace --- docs/docs-new/pages/product/workspace/sso.mdx | 5 + .../pages/product/workspace/sso/_meta.js | 3 +- .../workspace/sso/google-workspace.mdx | 107 ++++++++++++++++++ 3 files changed, 114 insertions(+), 1 deletion(-) create mode 100644 docs/docs-new/pages/product/workspace/sso/google-workspace.mdx diff --git a/docs/docs-new/pages/product/workspace/sso.mdx b/docs/docs-new/pages/product/workspace/sso.mdx index 17ab36ebe6ff9..1af80dc4bee02 100644 --- a/docs/docs-new/pages/product/workspace/sso.mdx +++ b/docs/docs-new/pages/product/workspace/sso.mdx @@ -32,6 +32,11 @@ Single sign-on works with various identity providers. Check the following guides to get tool-specific instructions: + + +Single sign-on with Google Workspace is available in Cube Cloud on +[Enterprise](https://cube.dev/pricing) tier. +[Contact us](https://cube.dev/contact) for details. + + + +## Enable SAML in Cube Cloud + +First, we'll enable SAML 2.0 authentication in Cube Cloud. To do this, log in to +Cube Cloud and + +1. Click your username from the top-right corner, then click Team & + Security. + +2. On the Authentication & SSO tab, ensure SAML 2.0 is + enabled: + + + +Take note of the Single Sign On URL and Service Provider Entity +ID values here, as we will need them in the next step when we configure +the SAML integration in Google Workspace. + +## Create a SAML Integration in Google Workspace + +Next, we'll create a [SAML app integration for Cube Cloud in Google +Workspace][google-docs-create-saml-app]. + +1. Log in to [admin.google.com](https://admin.google.com) as an administrator, + then navigate to + + Apps → Web and Mobile Apps from the left sidebar. + +2. Click Add App, then click Add custom SAML app: + + + +3. Enter a name for your application and click Next. You can + optionally add a description and upload a logo for the application, but this + is not required. Click Continue to go to the next screen. + + + +4. Take note of the SSO URL, Entity ID and + Certificate values here, as we will need them when we finalize the + SAML integration in Cube Cloud. Click Continue to go to the next screen. + + + +5. Enter the following values for the Service provider details + section and click Continue. + +| Name | Description | +| --------- | ------------------------------------------------------------------- | +| ACS URL | Use the Single Sign On URL value from Cube Cloud | +| Entity ID | Use the Service Provider Entity ID value from Cube Cloud | + + + +5. On the final screen, click Finish. + +6. From the app details page, click User access and ensure the app is + ON for everyone: + + + +## Enable SAML in Cube Cloud + +In this step, we'll finalise the configuration by entering the values from our +SAML integration in Google into Cube Cloud. + +1. From the same Authentication & SSO > SAML 2.0 tab, click the + Advanced Settings tab: + + + +2. Enter the following values in the SAML Settings section: + +| Name | Description | +| --------------------------- | ------------------------------------------------------------------ | +| Audience (SP Entity ID) | Delete the prefilled value and leave empty | +| IdP Issuer (IdP Entity ID) | Use the Issuer value from Google Workspace | +| Identity Provider Login URL | Use the Sign on URL value from Google Workspace | +| Certificate | Use the Signing Certificate value from Google Workspace | + +3. Scroll down and click Save SAML 2.0 Settings to save the changes. + +## Test SAML authentication + +To start using SAML authentication, use the +[single sign-on URL provided by Cube Cloud](#enable-saml-in-cube-cloud) +(typically `/sso/saml`) to log in to Cube Cloud. + +[google-docs-create-saml-app]: https://support.google.com/a/answer/6087519?hl=en