SAML SSO Setup with Google Workspace
Overview & Benefits
What is SAML SSO?
Security Assertion Markup Language (SAML) 2.0 is an industry-standard protocol that enables secure single sign-on (SSO) between Safedevops and your Google Workspace. Once configured, your team members can access Safedevops using their existing Google Workspace credentials.
Key Benefits
- Enhanced Security: Centralized authentication through Google Workspace
- Improved User Experience: One-click access without additional passwords
- Simplified Administration: Manage user access through Google Workspace Admin Console
- Safedevops Organization Admin access
- Organization Admin access in Safedevops
- Your Safedevops organization subdomain (e.g., yourcompany.safedevops.app)
- List of users who should have access to Safedevops
- Safedevops SAML metadata XML file
- Entity ID: Unique identifier for Safedevops
- Send the Google IdP metadata XML to Safedevops support
- After successful Google login, you should be redirected back to Safedevops ✓ After Google login, user is redirected back to Safedevops
- Certificate Management: SAML certificates are automatically managed by Safedevops and renewed before expiration
- Principle of Least Privilege: Only assign Safedevops access to users who need it
3. Safedevops Configuration
Contact Safedevops Support Important: This document provides general guidance for SAML SSO setup. Specific configuration details may vary based on your organization's requirements and Google Workspace settings. Always work with Safedevops support for production deployments.© 2025 Safedevops. All rights reserved. | Contact Support
Enter the Safedevops service provider information (provided by our support team):
Map Google Workspace user attributes to Safedevops user fields:
Control which users have access to Safedevops:
✓ User can access Safedevops features normally
Safedevops offers professional implementation services for complex enterprise deployments:
Important: This document provides general guidance for SAML SSO setup. Specific configuration details may vary based on your organization's requirements and Google Workspace settings. Always work with Safedevops support for production deployments.© 2025 Safedevops. All rights reserved. | Contact Support
Account Requirements
Ensure you have the necessary subscriptions and verified domains before beginning.
- Organization Admin access in Safedevops
- Google Workspace Business or Enterprise account
- Verified domain in Google Workspace
Technical Information
Gather the following information before starting:
- Your Safedevops organization subdomain (e.g., yourcompany.safedevops.app)
- Your Google Workspace domain (e.g., yourcompany.com)
- List of users who should have access to Safedevops
Safedevops Configuration
Step 1: Contact Safedevops Support
SAML SSO configuration requires backend setup by our support team. Please contact us with the following information:
Organization Details:
- Organization Name: [Your Company Name]
- Safedevops Organization ID: [Found in your Organization Settings]
- Google Workspace Domain: [e.g., yourcompany.com]
- Administrative Contact: [Name and Email]
- Preferred Go-Live Date: [Date]
Additional Requirements:
- Custom domain configuration (if applicable)
- Specific user attribute mappings (if needed)
- Any compliance or security requirements
Step 2: Receive SAML Metadata
Our support team will provide you with the necessary SAML configuration details.
You will receive:
- Safedevops SAML metadata XML file
- Entity ID (Identifier)
- Assertion Consumer Service (ACS) URL
- Single Logout URL (if applicable)
Entity ID: https://service.safedevops.app/saml2/metadata/
ACS URL: https://service.safedevops.app/saml/process-assertion/
Login URL: https://service.safedevops.app/saml2/login/
Google Workspace Configuration
Step 1: Access Google Workspace Admin Console
Begin the configuration process in your Google Workspace Admin Console.
- Sign in to the Google Workspace Admin Console
- Navigate to Apps → Web and mobile apps
- Click Add app → Add custom SAML app
Step 2: Configure App Details
Set up the basic information for your Safedevops SAML application.
Enter the following information:
- App name: Safedevops
- Description: Safedevops Enterprise DevOps Platform
- Upload app icon: (Optional - download from our brand assets)
Click Continue to proceed.
Step 3: Download Google Identity Provider Details
Obtain the Google IdP metadata that you'll share with Safedevops support.
On the "Google Identity Provider details" screen:
- Click Download Metadata to save the Google IdP metadata XML file
- Note the SSO URL and Entity ID (you'll share these with Safedevops support)
- Click Continue
Step 4: Configure Service Provider Details
Enter the Safedevops service provider information provided by our support team.
Entity ID: https://service.safedevops.app/saml2/metadata/
Start URL: https://safedevops.app (or your custom domain)
- ACS URL: The URL where Google will send SAML assertions
- Entity ID: Unique identifier for Safedevops
- Start URL: Where users will be redirected after successful authentication
- Signed Response: ✓ Checked
- Name ID format: EMAIL
- Name ID: Basic Information > Primary email
Step 5: Configure Attribute Mapping
Map Google Workspace user attributes to Safedevops user fields for proper user provisioning.
| Google Attribute | App Attribute | Required |
|---|---|---|
| Basic Information > Primary email | ✓ Yes | |
| Basic Information > First name | givenName | Recommended |
| Basic Information > Last name | sn | Recommended |
Step 6: Assign Users and Groups
Control which users have access to Safedevops by configuring user assignments.
- For pilot testing: Select specific users or create a test group
- For organization-wide deployment: Assign to entire organization
- For department-specific access: Create and assign relevant organizational units
Step 7: Finalize Configuration
Complete the Google Workspace configuration process.
- Review all settings for accuracy
- Click Finish to complete the Google Workspace configuration
- The app status should show as ON for assigned users
Testing & Validation
Initial Configuration Test
Validate your configuration before going live with all users.
- Send the Google IdP metadata XML to Safedevops support
- Wait for confirmation that backend configuration is complete
- Test with a single pilot user account
User Login Test
Perform comprehensive testing to ensure the SSO flow works correctly.
Test the SSO flow with a pilot user:
- Navigate to https://safedevops.app (or your custom domain)
- Click "Sign in with Google Workspace" or "SSO Login"
- You should be redirected to Google for authentication
- After successful Google login, you should be redirected back to Safedevops
- Verify that user account is created automatically with correct information
✓ User is redirected to Google for authentication
✓ After Google login, user is redirected back to Safedevops
✓ User account is created with correct email and name
✓ User can access Safedevops features normally
Security Considerations
Best Practices
- Certificate Management: SAML certificates are automatically managed by Safedevops and renewed before expiration
- Response Signing: All SAML responses from Google are verified for authenticity
- Secure Transport: All SAML communications use HTTPS encryption
- Session Management: Sessions are securely managed with appropriate timeouts
Compliance
This SAML SSO implementation supports various compliance requirements:
- SOC 2: Centralized authentication and access controls
- GDPR: User data minimization and secure processing
- HIPAA: Secure authentication for healthcare organizations
- SOX: Audit trails and access controls for financial organizations
Support & Resources
Getting Help
For assistance with SAML SSO configuration:
- Email: support@safedevops.app
- Priority Support: Enterprise customers receive priority support for SSO issues
- Response Time: Initial response within 4 business hours