- 20 Apr 2023
- 2 Minutes to read
- Print
- DarkLight
SAML SSO integration with Google
- Updated on 20 Apr 2023
- 2 Minutes to read
- Print
- DarkLight
The SAML SSO integration is only available on the Enterprise plan.
Overview
This page covers how to create a SAML SSO integration with Preset using Google as your Identity Provider (IdP).
Create the integration on Google
A Google super administrator can create a custom SAML application following this article.
Important details about these steps:
- Download the IDP metadata as highlighted on step 6. This will be used by the Preset Support team to implement the integration.
- In the Service Provider Details window (step 9), use below placeholder values (our Support Team will provide definitive values after creating the integration on our end):
- ACS URL:
https://auth.app.preset.io/login/callback?connection=auth0_connection_name
- Entity ID:
urn:auth0:preset-io-prod:auth0_connection_name
- ACS URL:
- You can keep the primary email as the Name ID.
- On the Attribute mappings (step 13), create below attributes mapped to the appropriate fields:
firstName
lastName
email
- (optional) You can also create
sessionDurationSecs
to control users' session duration (in seconds).
- Group membership information is not supported by Preset (step 14).
Engage with the Preset Support team
Send the IDP metadata downloaded from Google to us by opening up a support ticket via the Preset Support Portal.
Also specify which domain(s) should be enforced with your SSO integration.
The SSO integration will be enforced to all accounts from your domain(s). This means that all users from your domain(s) that use Preset need to be properly configured and assigned to the Preset application in your IdP.
To mitigate impact, the integration needs to be approved by an admin of your Preset team. If you are not a Team Admin, share the support ticket with one so they can approve the implementation.
The Preset team will return permanent values for the ACS URL and Entity ID. Update these settings on the configuration (on Google side).
After updating the configuration, enable the SAML app on Google and then test the integration.
Important details
Existing accounts
If users have already been created in a team before setting up the SSO integration, Preset will merge existing users with the SSO login. For a successful merge, the email
sent by the Identity Provider needs to be the same used on Preset side.
New accounts
Preset supports just-in-time account creation (JIT Provisioning), meaning that a Preset account is automatically created for a new user authenticating via SSO. However, this account will not be automatically added to an existing Preset team. Instead, a new Team will be created. Make sure to invite new users to your Preset team to prevent this issue.
Testing the integration
Navigate to the Preset log in page.
Enter your email address and click on Next.
You will be redirected to your IdP to perform the authentication. Once the authentication is successfully finished, your IdP will send you back to Preset.
You'll be prompted to Link accounts - click on RE-AUTHENTICATE.
- Enter the local password set before the SSO integration, and click on Log in.
You should be logged into your existing account, with all existing permissions.