• HOME
  • INTEGRATIONS
  • SDKS
  • GUIDES
  • API DOCS
No results for ""
EXPAND ALL
CLOSE
launchdarkly.com

EDIT ON GITHUB

Google Apps

Read time: 2 minutes
Last edited: Mar 12, 2020

Overview

This topic explains how to configure Google Apps to support SSO in LaunchDarkly.

Prerequisites

To configure SSO for LaunchDarkly using Google Apps, you must complete the following prerequisite:

  • Configure SAML for authentication. For more information, read the Google knowledge base.

Use the table below to configure Google fields for LaunchDarkly.

Google fieldLaunchDarkly setting
ACS URLUse LaunchDarkly's Assertion Consumer Service URL value.
Entity IDUse LaunchDarkly's Entity ID value.
Start URLUse LaunchDarkly's Start URL value.
Signed ResponseCheck this box.
Name IDSelect "Basic Information" and "Primary Email"
Name ID FormatSelect "EMAIL"
Attribute MappingEnter role as the application attribute, and select the custom user attribute that corresponds to the desired role.

Configuring SSO for LaunchDarkly with GSuite

Before you create the LaunchDarkly app in GSuite, you must create the LaunchDarkly specific fields for roles and custom roles.

To configure these fields:

  1. Log into GSuite.
  2. Navigate to your user directory by clicking Directory and then Users.
  3. Click the Manage user attributes icon. A popup screen appears.

The "Manage user attributes" icon.
The "Manage user attributes" icon.

  1. Select Add Custom Category.
  2. Name the custom category whatever you like. In the example below, we used LaunchDarkly Attributes.
  3. Add role and customRoles fields.

The "LaunchDarkly Attributes" screen.
The "LaunchDarkly Attributes" screen.

Allow multiple values for custom roles

Set the "Multiple values" field for customRoles to Yes. Some users may have more than one custom role, which requires multiple values.

Adding LaunchDarkly as a Custom SAML Application

Next, you must add LaunchDarkly to your GSuite apps.

To add LaunchDarkly:

  1. Navigate to Apps > SAML Apps.
  2. Click the plus button to Add an app.
  3. Select Setup my own Custom App to configure LaunchDarkly. The setup workflow initiates.
  4. In step 2 of the workflow, enter the information from the setup workflow into LaunchDarkly's Security tab under Edit SAML Configuration.

The Google IdP information window.
The Google IdP information window.

  1. In step 4 of the workflow, provide the Assertion consumer service URL, entity ID and start URL for your LaunchDarkly account. To find them, click Edit your SAML configuration on the LaunchDarkly Security tab.

LaunchDarkly's SAML Configuration screen.
LaunchDarkly's SAML Configuration screen.

  1. In step 3, enter the name of the app.
  2. In step 4, enter LaunchDarkly’s service provider details as shown in the screenshot below.

LaunchDarkly's service provider details.
LaunchDarkly's service provider details.

  1. In step 5, map the LaunchDarkly attributes firstName and lastName to Google’s “Basic Information” fields of the same names. Map role and customRole to our LaunchDarkly attributes as shown below.

The Attribute Mappings screen.
The Attribute Mappings screen.

Names are case sensitive
In the screenshot above, the names in the lefthand columns map to those present in LaunchDarkly. You must name them exactly as shown or configuration will fail.

You've successfully connected LaunchDarkly to GSuite.

Assigning roles & custom roles with GSuite

Now that the application is configured, you can assign roles to users.

To assign roles:

  1. Log into GSuite.
  2. Navigate to Directory > Users.
  3. Click on the user that you want to assign roles to and choose Account to bring up the user's account settings.
  4. Click Edit beneath “Manage user attributes” to add the user’s role(s) to the corresponding attribute fields.

The "Update User" screen.
The "Update User" screen.

  1. Click Update User.

That’s it! The next time your user logs into LaunchDarkly through GSuite, their roles will update. If this is a brand new LaunchDarkly team member, an account will be created automatically with the roles you specified.