Is SafeDevOps a SAFe implementation platform?

Yes. SafeDevOps is a SAFe® implementation platform that helps you plan PIs, manage ARTs, track epics/features/stories, and coordinate SAFe events and roles in one place.

Does SafeDevOps replace CI/CD tools like Jenkins or GitLab?

No. SafeDevOps coordinates the SAFe process and connects strategy to delivery. Your CI/CD tools still run builds and deployments; SafeDevOps provides planning, tracking, and visibility.

How do I start implementing SAFe with SafeDevOps?

Create your organization, set up Agile Release Trains (ARTs), plan your first Program Increment (PI), and begin tracking epics, features, and stories. The documentation guides you step‑by‑step.

SAML SSO Setup with Google Workspace

Enterprise Feature: Complete guide for enterprise customers to configure Single Sign-On (SSO) integration between Safedevops and Google Workspace using SAML 2.0

Complete Setup Guide: Comprehensive step-by-step instructions for configuring SAML SSO between Google Workspace and Safedevops with security considerations and best practices.

Overview & Benefits

What is SAML SSO?

Security Assertion Markup Language (SAML) 2.0 is an industry-standard protocol that enables secure single sign-on (SSO) between Safedevops and your Google Workspace. Once configured, your team members can access Safedevops using their existing Google Workspace credentials.

Key Benefits

Enhanced Security: Centralized authentication through Google Workspace
Improved User Experience: One-click access without additional passwords
Simplified Administration: Manage user access through Google Workspace Admin Console
Compliance Ready: Meet enterprise security and compliance requirements
Automatic Provisioning: Users are automatically created in Safedevops upon first login

Note: This integration uses Google Workspace as the Identity Provider (IdP) and Safedevops as the Service Provider (SP).

Prerequisites

Administrative Access
You'll need Google Workspace Super Admin privileges and Safedevops Organization Admin access to complete this setup.

Required Access:

Google Workspace Super Admin privileges
Safedevops Organization Admin access
Access to your organization's domain DNS settings (if using custom domains)

Account Requirements
Ensure you have the necessary subscriptions and verified domains before beginning.

Organization Admin access in Safedevops
Google Workspace Business or Enterprise account
Verified domain in Google Workspace

Technical Information
Gather the following information before starting:

Your Safedevops organization subdomain (e.g., yourcompany.safedevops.app)
Your Google Workspace domain (e.g., yourcompany.com)
List of users who should have access to Safedevops

Safedevops Configuration

Step 1: Contact Safedevops Support
SAML SSO configuration requires backend setup by our support team. Please contact us with the following information:

Subject: SAML SSO Setup Request for [Your Organization Name]

Organization Details:

- Organization Name: [Your Company Name]

- Safedevops Organization ID: [Found in your Organization Settings]

- Google Workspace Domain: [e.g., yourcompany.com]

- Administrative Contact: [Name and Email]

- Preferred Go-Live Date: [Date]

Additional Requirements:

- Custom domain configuration (if applicable)

- Specific user attribute mappings (if needed)

- Any compliance or security requirements

Step 2: Receive SAML Metadata
Our support team will provide you with the necessary SAML configuration details.

You will receive:

Safedevops SAML metadata XML file
Entity ID (Identifier)
Assertion Consumer Service (ACS) URL
Single Logout URL (if applicable)

Typical Values:
Entity ID: https://service.safedevops.app/saml2/metadata/
ACS URL: https://service.safedevops.app/saml/process-assertion/
Login URL: https://service.safedevops.app/saml2/login/

Google Workspace Configuration

Step 1: Access Google Workspace Admin Console
Begin the configuration process in your Google Workspace Admin Console.

Sign in to the Google Workspace Admin Console
Navigate to Apps → Web and mobile apps
Click Add app → Add custom SAML app

Step 2: Configure App Details
Set up the basic information for your Safedevops SAML application.

Enter the following information:

App name: Safedevops
Description: Safedevops Enterprise DevOps Platform
Upload app icon: (Optional - download from our brand assets)

Click Continue to proceed.

Step 3: Download Google Identity Provider Details
Obtain the Google IdP metadata that you'll share with Safedevops support.

On the "Google Identity Provider details" screen:

Click Download Metadata to save the Google IdP metadata XML file
Note the SSO URL and Entity ID (you'll share these with Safedevops support)
Click Continue

Important: Save the metadata XML file securely. You'll need to provide this to Safedevops support for the final configuration.

Step 4: Configure Service Provider Details
Enter the Safedevops service provider information provided by our support team.

ACS URL: https://service.safedevops.app/saml/process-assertion/

Entity ID: https://service.safedevops.app/saml2/metadata/

Start URL: https://safedevops.app (or your custom domain)

ACS URL: The URL where Google will send SAML assertions
Entity ID: Unique identifier for Safedevops
Start URL: Where users will be redirected after successful authentication
Signed Response: ✓ Checked
Name ID format: EMAIL
Name ID: Basic Information > Primary email

Step 5: Configure Attribute Mapping
Map Google Workspace user attributes to Safedevops user fields for proper user provisioning.

Google Attribute	App Attribute	Required
Basic Information > Primary email	email	✓ Yes
Basic Information > First name	givenName	Recommended
Basic Information > Last name	sn	Recommended

Step 6: Assign Users and Groups
Control which users have access to Safedevops by configuring user assignments.

For pilot testing: Select specific users or create a test group
For organization-wide deployment: Assign to entire organization
For department-specific access: Create and assign relevant organizational units

Best Practice: Start with a small pilot group to test the integration before rolling out to your entire organization.

Step 7: Finalize Configuration
Complete the Google Workspace configuration process.

Review all settings for accuracy
Click Finish to complete the Google Workspace configuration
The app status should show as ON for assigned users

Testing & Validation

Initial Configuration Test
Validate your configuration before going live with all users.

Send the Google IdP metadata XML to Safedevops support
Wait for confirmation that backend configuration is complete
Test with a single pilot user account

User Login Test
Perform comprehensive testing to ensure the SSO flow works correctly.

Test the SSO flow with a pilot user:

Navigate to https://safedevops.app (or your custom domain)
Click "Sign in with Google Workspace" or "SSO Login"
You should be redirected to Google for authentication
After successful Google login, you should be redirected back to Safedevops
Verify that user account is created automatically with correct information

Success Indicators:
✓ User is redirected to Google for authentication
✓ After Google login, user is redirected back to Safedevops
✓ User account is created with correct email and name
✓ User can access Safedevops features normally

Security Considerations

Best Practices

Certificate Management: SAML certificates are automatically managed by Safedevops and renewed before expiration
Response Signing: All SAML responses from Google are verified for authenticity
Secure Transport: All SAML communications use HTTPS encryption
Session Management: Sessions are securely managed with appropriate timeouts

Compliance

This SAML SSO implementation supports various compliance requirements:

SOC 2: Centralized authentication and access controls
GDPR: User data minimization and secure processing
HIPAA: Secure authentication for healthcare organizations
SOX: Audit trails and access controls for financial organizations

Support & Resources

Getting Help

For assistance with SAML SSO configuration:

Email: support@safedevops.app
Priority Support: Enterprise customers receive priority support for SSO issues
Response Time: Initial response within 4 business hours

Additional Resources

Important: This document provides general guidance for SAML SSO setup. Specific configuration details may vary based on your organization's requirements and Google Workspace settings. Always work with Safedevops support for production deployments.

2. Prerequisites

1 Administrative Access

Google Workspace Super Admin privileges
Safedevops Organization Admin access
Access to your organization's domain DNS settings (if using custom domains)

2 Account Requirements

Organization Admin access in Safedevops
Google Workspace Business or Enterprise account
Verified domain in Google Workspace

3 Technical Information

Gather the following information before starting:

Your Safedevops organization subdomain (e.g., yourcompany.safedevops.app)
Your Google Workspace domain (e.g., yourcompany.com)
List of users who should have access to Safedevops

3. Safedevops Configuration

1 Contact Safedevops Support

SAML SSO configuration requires backend setup by our support team. Please contact us with the following information:

Subject: SAML SSO Setup Request for [Your Organization Name]

Organization Details:
- Organization Name: [Your Company Name]
- Safedevops Organization ID: [Found in your Organization Settings]
- Google Workspace Domain: [e.g., yourcompany.com]
- Administrative Contact: [Name and Email]
- Preferred Go-Live Date: [Date]

Additional Requirements:
- Custom domain configuration (if applicable)
- Specific user attribute mappings (if needed)
- Any compliance or security requirements
            

2 Receive SAML Metadata

Our support team will provide you with:

Safedevops SAML metadata XML file
Entity ID (Identifier)
Assertion Consumer Service (ACS) URL
Single Logout URL (if applicable)

4. Google Workspace Configuration

1 Access Google Workspace Admin Console

Sign in to the Google Workspace Admin Console
Navigate to Apps → Web and mobile apps
Click Add app → Add custom SAML app

Screenshot: Google Admin Console - Add custom SAML app

2 Configure App Details

Enter the following information:

App name: Safedevops
Description: Safedevops Enterprise DevOps Platform
Upload app icon: (Optional - download from our brand assets)

Click Continue to proceed.

Screenshot: App Details configuration screen

3 Download Google Identity Provider Details

On the "Google Identity Provider details" screen:

Click Download Metadata to save the Google IdP metadata XML file
Note the SSO URL and Entity ID (you'll share these with Safedevops support)
Click Continue

Important: Save the metadata XML file securely. You'll need to provide this to Safedevops support for the final configuration.

Screenshot: Google Identity Provider details screen

4 Configure Service Provider Details

Enter the Safedevops service provider information (provided by our support team):

ACS URL: https://service.safedevops.app/saml/process-assertion/
Entity ID: https://service.safedevops.app/saml2/metadata/
Start URL: https://safedevops.app (or your custom domain)
            

ACS URL: The URL where Google will send SAML assertions
Entity ID: Unique identifier for Safedevops
Start URL: Where users will be redirected after successful authentication
Signed Response: ✓ Checked
Name ID format: EMAIL
Name ID: Basic Information > Primary email

Screenshot: Service Provider Details configuration

5 Configure Attribute Mapping

Map Google Workspace user attributes to Safedevops user fields:

Google Attribute	App Attribute	Required
Basic Information > Primary email	email	✓ Yes
Basic Information > First name	givenName	Recommended
Basic Information > Last name	sn	Recommended

Screenshot: Attribute Mapping configuration

6 Assign Users and Groups

Control which users have access to Safedevops:

For pilot testing: Select specific users or create a test group
For organization-wide deployment: Assign to entire organization
For department-specific access: Create and assign relevant organizational units

Best Practice: Start with a small pilot group to test the integration before rolling out to your entire organization.

Screenshot: User and Group assignment screen

7 Finalize Configuration

Review all settings for accuracy
Click Finish to complete the Google Workspace configuration
The app status should show as ON for assigned users

5. Testing & Validation

1 Initial Configuration Test

Before going live, perform these validation steps:

Send the Google IdP metadata XML to Safedevops support
Wait for confirmation that backend configuration is complete
Test with a single pilot user account

2 User Login Test

Test the SSO flow with a pilot user:

Navigate to https://safedevops.app (or your custom domain)
Click "Sign in with Google Workspace" or "SSO Login"
You should be redirected to Google for authentication
After successful Google login, you should be redirected back to Safedevops
Verify that user account is created automatically with correct information

3 Test Different Scenarios

Validate these additional scenarios:

First-time login: New user account creation
Returning user: Existing user authentication
Session timeout: Re-authentication flow
Logout: Proper session termination
Access denial: Users not assigned to the app cannot access

6. Troubleshooting

Common Issues and Solutions

Issue: "SAML Response Validation Failed"

Possible Causes:

Incorrect ACS URL configuration
Mismatched Entity ID
Certificate/metadata synchronization issues

Solution: Verify all URLs and identifiers match exactly between Google Workspace and Safedevops configuration.

Issue: "Access Denied" or "User Not Found"

Possible Causes:

User not assigned to Safedevops app in Google Workspace
Incorrect attribute mapping
Email domain restrictions

Solution: Check user assignment in Google Admin Console and verify attribute mappings.

Issue: Redirect Loop or Infinite Redirects

Possible Causes:

Incorrect Start URL configuration
Session cookie issues
Browser cache problems

Solution: Clear browser cache, verify Start URL, and check session configuration.

Debug Information to Collect

When contacting support, please provide:

User email address experiencing the issue
Timestamp of the failed login attempt
Screenshots of any error messages
Browser developer console errors (if any)
Google Workspace SAML app configuration screenshots

Testing Tools

Use these tools to validate your SAML configuration:

Google SAML Tracer: Browser extension to trace SAML flows
SAML Response Decoder: Online tools to decode SAML responses
Browser Developer Tools: Network tab to inspect HTTP requests

7. Security Considerations

Best Practices

Certificate Management: SAML certificates are automatically managed by Safedevops and renewed before expiration
Response Signing: All SAML responses from Google are verified for authenticity
Secure Transport: All SAML communications use HTTPS encryption
Session Management: Sessions are securely managed with appropriate timeouts

Access Control

Principle of Least Privilege: Only assign Safedevops access to users who need it
Regular Access Review: Periodically review and update user assignments
Group-Based Management: Use Google Groups for easier access management
Audit Logging: Monitor access logs for unusual activity

Compliance

This SAML SSO implementation supports various compliance requirements:

SOC 2: Centralized authentication and access controls
GDPR: User data minimization and secure processing
HIPAA: Secure authentication for healthcare organizations
SOX: Audit trails and access controls for financial organizations

8. Support & Contact

Getting Help

For assistance with SAML SSO configuration:

Email: support@safedevops.app
Subject Line: "SAML SSO Implementation Support"
Documentation: Additional resources available in your organization's admin portal

Implementation Services

Safedevops offers professional implementation services for complex enterprise deployments:

Custom attribute mapping
Multi-domain configurations
Advanced security configurations
User training and change management
Integration with other enterprise systems

Contact your account manager or enterprise@safedevops.app for more information.