Google Apps
Read time: 4 minutes
Last edited: May 01, 2024
Overview
This topic explains how to configure Google Apps to support single sign-on (SSO) in LaunchDarkly.
The procedures in this topic explain how to configure SSO for Google Apps. To learn how to configure Google OAuth instead, read Google OAuth.
If a member signs in to LaunchDarkly using Google OAuth, they cannot also sign in to the same account using Google Apps SSO. Similarly, if you invite a member to join a LaunchDarkly account using Google Apps SSO, they cannot also sign in using Google OAuth. However, members can change sign-in methods. For instructions on how to switch from Google SSO to Google OAuth, read How to switch from username and password to Google OAuth.
Prerequisites
To configure SSO for LaunchDarkly using Google Apps, you must complete the following prerequisite:
- Configure SAML for authentication. For more information, read the Google knowledge base.
Use the table below to configure Google fields for LaunchDarkly:
| Google field | LaunchDarkly setting |
|---|---|
| ACS URL | Use LaunchDarkly's Assertion Consumer Service URL value. |
| Entity ID | Use LaunchDarkly's Entity ID value. |
| Start URL | Use LaunchDarkly's Start URL value. |
| Signed Response | Check this box. |
| Name ID | Select "Basic Information" and "Primary Email" |
| Name ID Format | Select "EMAIL" |
| Attribute Mapping | Enter |
Configure SSO for LaunchDarkly with Google Apps
Before you create the LaunchDarkly app in Google Apps, you must create the LaunchDarkly specific fields for roles and custom roles.
To configure these fields:
- Log into Google Apps.
- Navigate to your user directory by clicking Directory and then Users.
- Click the Manage user attributes icon. A popup screen appears:
- Select Add Custom Category.
- Name the custom category whatever you like. The example below uses LaunchDarkly Attributes.
- Add
roleandcustomRolefields:
Set the Multiple values field for customRole to "Yes." Some account members may have more than one custom role, which requires multiple values.
Add LaunchDarkly as a custom SAML application
Next, you must add LaunchDarkly to your Google Apps apps.
To add LaunchDarkly:
- Log into Google Apps.
- Navigate to Apps, then SAML Apps.
- Click the plus button to Add an app.
- Select Setup my own Custom App to configure LaunchDarkly. The setup workflow initiates.
- In step 2 of the workflow, copy the information from the setup workflow. You'll need to add this into LaunchDarkly's Security tab under Edit SAML Configuration:
- In step 3, enter the name of the app.
- In step 4 of the workflow, provide the Assertion consumer service URL, entity ID, and start URL for your LaunchDarkly account:
To find them, click Edit your SAML configuration on the LaunchDarkly Security tab:
- In step 5, map the LaunchDarkly attributes
firstNameandlastNameto Google’s “Basic Information” fields "First Name" and "Last Name." Map the LaunchDarkly attributesroleandcustomRoleto Google's "LaunchDarkly Attributes" fields "Role" and "Custom Roles." These mappings are shown below:
In the screenshot above, the names in the left-hand columns map to those present in LaunchDarkly. You must name them exactly as shown or configuration will fail.
You've successfully connected LaunchDarkly to Google Apps.
Assign roles and custom roles with Google Apps
Now that the application is configured, you can assign roles.
To assign roles:
- Log into Google Apps.
- Navigate to Directory, then Users.
- Click on the Google Apps user that you want to assign roles to and choose Account to bring up the user's account settings.
- Click Edit beneath “Manage user attributes” to add the user’s role(s) to the corresponding attribute fields:
- Click Update User.
The next time this user logs into LaunchDarkly through Google Apps, their roles will update. If this is a brand new LaunchDarkly account member, an account will be created automatically with the roles you specified.
SAML ignores empty Roles and customRole fields. To clear all existing roles, enter an empty string "" into the field.