Google

This page will guide us through the steps required to integrate Google SSO into Lenses.

Create a custom attribute for Lenses groups 

  • Open the Google Admin console from an administrator account.
  • Click the Users button
  • Select the More dropdown and choose Manage custom attributes
  • Click the Add custom attribute button
  • Fill the form to add a Text, Multi-value field for Lenses Groups, then click Add

Google SAML create custom attribute

Learn more about Google custom attributes

Assign Lenses groups attributes to Google users 

  • Open the Google Admin console from an administrator account.
  • Click the Users button
  • Select the user to update
  • Click User information
  • Click the Lenses Groups attribute
  • Enter one or more groups and click Save

Google SAML add attribute values

Learn how to create groups to manage permissions with Lenses

Add Google custom SAML app 

Learn more about Google custom SAML apps

  • Open the Google Admin console from an administrator account.
  • Click the Apps button
  • Click the SAML apps button
  • Select the Add App dropdown and choose Add custom SAML app
  • Run through the below steps

App Details 

  • Enter a descriptive name for the Lenses installation
  • Upload a Lenses icon

Google SAML app details

Google Identity Provider details 

Service provider details 

Given the base URL of the Lenses installation, e.g. https://lenses-dev.example.com, fill out the settings:

SettingValue
ACS URLUse the base url with the callback path
e.g. https://lenses-dev.example.com/api/v2/auth/saml/callback?client_name=SAML2Client
Entity IDUse the base url
e.g. https://lenses-dev.example.com
Start URLLeave empty
Signed ResponseLeave unchecked
Name ID formatLeave as UNSPECIFIED
Name IDLeave as Basic Information > Primary Email

Google SAML service provider details

Attribute mapping 

  • Add a mapping from the custom attribute for Lenses groups to the app attribute groups

Google SAML Attribute Mapping

Enable the app 

  • From the newly added app details screen, select User access
  • Turn on the service

Google Enable App

Configure Lenses 

Given the downloaded metadata file and a keystore, add the following configuration to security.conf:

lenses.security.saml.base.url="https://lenses-dev.example.com"
lenses.security.saml.idp.provider="google"
lenses.security.saml.idp.metadata.file="/path/to/GoogleIDPMetadata.xml"
lenses.security.saml.keystore.location = "/path/to/keystore.jks"
lenses.security.saml.keystore.password = "my_keystore_password"
lenses.security.saml.key.password = "my_saml_key_password"

Google SSO should now be fully activated.


See all SSO options.