Google IDP
Configure HTTPS for the LightBeam endpoint before the Google AD SAML configuration.
Refer
Sign in to a super administrator account. Then, in your Google Admin console:
Go to Menu → .
Click Add App → Add custom SAML app.
Enter the app name and, optionally, upload an icon for your app.
Click Continue.
On the Google Identity Provider details page, download the IDP metadata.
Access the LB KeyCloak URL
https://<ip/fqdn>/auth/admin/master/console/
Select the Hamburger Menu (☰) → Configure → Identity providers → Select SAML v2.0
Enter Alias and Name as “Google”.
Disable the Use entity descriptor option.
Now click the “Browse” button in the Import config from file field.
Here, upload the Google IDP XML file that you downloaded as part of the SAML app configuration in Google.
Note down the following details needed to complete the SAML app configuration in Google SSO:
Redirect URI
Service provider entity ID
Once all the required changes are done, click on “Add”.
You should see the message "Identity provider successfully created."
In LightBeam, navigate to Settings → Auth Providers to find the Google auth provider.
You will be able to see the Google icon on the login page.
Go back to the Google SSO page from where you downloaded the IDP metadata.
Click on CONTINUE.
In the Service Provider Details window, enter:
ACS URL—The service provider's Assertion Consumer Service URL, which receives the SAML response. It must start with https://. This is the “Redirect URI” from Keycloak.
Entity ID—The globally unique name. This is the “Service provider entity ID” from Keycloak.
Click FINISH.
This will display the app view as follows:
Select your SAML app.
Click User access.
To turn a service on or off for everyone in your organization, click On for everyone or Off for everyone, and then click Save.
Optional - You can also choose to turn a service on or off for an organizational unit or specific access group.