Read time: 2 minutes
Last edited: Jan 05, 2022
This topic explains how to configure GSuite to support SSO in LaunchDarkly.
To configure SSO for LaunchDarkly using GSuite, you must complete the following prerequisite:
- Configure SAML for authentication. For more information, read the Google knowledge base.
Use the table below to configure Google fields for LaunchDarkly:
|Google field||LaunchDarkly setting|
|ACS URL||Use LaunchDarkly's Assertion Consumer Service URL value.|
|Entity ID||Use LaunchDarkly's Entity ID value.|
|Start URL||Use LaunchDarkly's Start URL value.|
|Signed Response||Check this box.|
|Name ID||Select "Basic Information" and "Primary Email"|
|Name ID Format||Select "EMAIL"|
|Attribute Mapping||Enter |
Before you create the LaunchDarkly app in GSuite, you must create the LaunchDarkly specific fields for roles and custom roles.
To configure these fields:
- Log into GSuite.
- Navigate to your user directory by clicking Directory and then Users.
- Click the Manage user attributes icon. A popup screen appears:
- Select Add Custom Category.
- Name the custom category whatever you like. In the example below, we used LaunchDarkly Attributes.
Set the "Multiple values" field for
customRoles to Yes. Some users may have more than one custom role, which requires multiple values.
Next, you must add LaunchDarkly to your GSuite apps.
To add LaunchDarkly:
- Navigate to Apps > SAML Apps.
- Click the plus button to Add an app.
- Select Setup my own Custom App to configure LaunchDarkly. The setup workflow initiates.
- In step 2 of the workflow, enter the information from the setup workflow into LaunchDarkly's Security tab under Edit SAML Configuration:
- In step 4 of the workflow, provide the Assertion consumer service URL, entity ID and start URL for your LaunchDarkly account. To find them, click Edit your SAML configuration on the LaunchDarkly Security tab:
- In step 3, enter the name of the app.
- In step 4, enter LaunchDarkly’s service provider details as shown in the screenshot below:
- In step 5, map the LaunchDarkly attributes
lastNameto Google’s “Basic Information” fields of the same names. Map
customRoleto our LaunchDarkly attributes as shown below:
In the screenshot above, the names in the left-hand columns map to those present in LaunchDarkly. You must name them exactly as shown or configuration will fail.
You've successfully connected LaunchDarkly to GSuite.
Now that the application is configured, you can assign roles to users.
To assign roles:
- Log into GSuite.
- Navigate to Directory > Users.
- Click on the user that you want to assign roles to and choose Account to bring up the user's account settings.
- Click Edit beneath “Manage user attributes” to add the user’s role(s) to the corresponding attribute fields:
- Click Update User.
The next time your user logs into LaunchDarkly through GSuite, their roles will update. If this is a brand new LaunchDarkly account member, an account will be created automatically with the roles you specified.