Google Workspace
Requirements
- Your organization uses Google Workspace for authentication.
- You have an Admin role.
Just-in-Time(JIT) Provision
With SAML integration, once a user is created on your end (optionally included in a group that has access to Kubit), that user can log in to Kubit immediately. The user profile information will also be automatically updated at every login time.
When a user is deleted/deactivated on your end, they will lose access to Kubit immediately too. There is no offline communication required.
Configure SAML app
-
Login into the Google Workspace admin console and navigate to the Web and mobile apps screen under the Apps tab.
-
Click on the Add app menu and select Add custom SAML app.
-
On the App details screen name user
Kubitas the App name. Download the Kubit logo from the provided Logo URL and upload it as an App icon.
-
On the step screen(Google Identity Provider details) copy DOWNLOAD METADATA button. Share the metadata file with Kubit Team.
-
On the next step(Service provider details) use the provided ACS URL and Entity ID from Kubit.
-
On the next step(Attributes) map attributes as follows:
Roles and Permissions
You can manage permissions on the Kubit platform using your IdP groups by mapping the
groupsattribute. This step is mandatory for utilizing groups for permission management within the Kubit platform.Google Directory attributes App attributes Primary email email First name given_name Last name family_name First name name 
Test
Once configured properly on both sides, please work with the Kubit Team to test the integration. You will be provided a test URL.
Open Access
You may choose to turn on Kubit App to everyone, or a specific group
IdP-Initiated Login
Due to security concerns, Kubit doesn't support IdP-Initiated SSO. The user has to go to the Kubit website first to initiate the login (SP-Initiated).
Clicking on the Kubit App logo on Google Workspace Dashboard would fail. We don't know a way to hide that logo.
References
Google: Setup your own SAML App
Updated 14 days ago