To integrate Google Workspace with Komodor for Single Sign-On (SSO) and role provisioning, follow the steps below.
(For more detailed instructions on how to create a custom SAML app in Google, please refer to this guide.)
Note: You must be signed in as a super administrator for this task.
Setup Custom SAML App
In the Google Admin console, browse to Apps > Web and mobile apps as shown below.
Select Add app > Add custom SAML app.
Under App details, enter a name and, optionally, a description and icon, then click CONTINUE.
Under Google Identity Provider details, select to DOWNLOAD METADATA and share the file with Komodor. Leave the default options for SSO URL and Entity ID. Click on CONTINUE.
Under Service Provider Details, use the following values for ACS URL and Entity ID, replacing <your-account-name> with the name of your Komodor account:
Entity ID: urn:auth0:komodorio:<your-account-name>
ACS URL: https://auth.komodor.com/login/callback?connection=<your-account-name>
Make sure to check the Signed response check box.
Creating the Komodor Roles attribute
The next section outlines how to automatically map a new user to an existing role in Komodor.
Under Attribute Mapping, set up mapping attributes as shown below:
Under Group membership, add the Google Groups that you wish to have access to Komodor. Set the App attribute to komodorRoles.
Creating the Corresponding Role In Komodor
Note: You must be an admin in Komodor to create a role.
The last step is to create a corresponding role in Komodor. The name of the role in Komodor has to match the name of the Google Group (or one of them). For example, in the screenshot above, we have a Google Group called Security. In Komodor, we would then create a role called Security. To create a new role, click on the gear icon and select Roles as shown below.
You can also create the role programmatically using this API endpoint or using our Terraform provider.
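As an added example (not part of Komodor's documentation or code), the Python function below checks a decoded SAML response from a test login against the values configured in this guide: the ACS URL, the Entity ID, the Signed response option and the komodorRoles attribute. The account name acme, the sample XML and the function name are constructed for illustration; it assumes Google sends group names as values of the komodorRoles attribute, and it checks only that a response-level signature is present, not that it is valid.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: an unsigned response for a hypothetical account "acme".
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://auth.komodor.com/login/callback?connection=acme">
  <saml:Assertion>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>urn:auth0:komodorio:acme</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement><saml:Attribute Name="komodorRoles">
      <saml:AttributeValue>Security</saml:AttributeValue>
    </saml:Attribute></saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

def check_response(xml_text, account, komodor_roles):
    """Return a list of configuration problems in a decoded SAML response."""
    root = ET.fromstring(xml_text)
    problems = []
    # Values from the Service Provider Details step of this guide.
    acs = f"https://auth.komodor.com/login/callback?connection={account}"
    entity_id = f"urn:auth0:komodorio:{account}"
    if root.get("Destination") != acs:
        problems.append("Destination does not match the ACS URL")
    audiences = [a.text for a in root.iterfind(".//saml:Audience", NS)]
    if entity_id not in audiences:
        problems.append("Audience does not match the Entity ID")
    # With "Signed response" checked, ds:Signature is a direct child of the
    # Response element. Presence only: the signature is not verified here.
    if root.find("ds:Signature", NS) is None:
        problems.append("Response is not signed")
    path = ".//saml:Attribute[@Name='komodorRoles']/saml:AttributeValue"
    groups = [v.text for v in root.iterfind(path, NS)]
    if not groups:
        problems.append("komodorRoles attribute is missing")
    elif not set(groups) & set(komodor_roles):
        problems.append("no group in komodorRoles matches a Komodor role")
    return problems

if __name__ == "__main__":
    print(check_response(SAMPLE, "acme", ["Security"]))
```
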