Add Google SAML authentication to your Scuba instance

Before you start...

Make sure you've spoken with your technical account manager to determine which authentication provider best fits your needs. If you've chosen to use Google as your SAML identity provider, you'll need some information from Scuba before you begin configuring the application in Google. Your TAM will provide you an ACS URL and an Entity ID that you will need for Google configuration.

This documentation will use the following inputs as examples, but make sure you use the actual inputs provided by your TAM.

Example ACS URL: https://scuba.yourcompany.com/api/saml/gsaml

Example Entity ID: https://scuba.yourcompany.com/api/saml_metadata/gsaml

Once you have these URLs, you are ready to configure Scuba in Google.

Google Configuration

1. Go to http://admin.google.com and sign in with your administrator credentials.
   

   

2. From the homepage or sidebar, click Apps > “Web and mobile apps”
   

   

3. Under “Add App” select "Add custom SAML app"
   

   

4. Give your app a name, and optionally a logo, and then click “Continue”
   

   

5. Download IDP metadata. When you are done configuring SAML in Google, please send the metadata to your TAM so that they can configure SAML on the Scuba side. Then proceed.
   

   

6. Here's the most important part. Enter the ACS URL and Entity ID provided to you by your TAM in their respective locations. Double check your inputs! Leave the default for everything else. Then
   proceed.
   

   

7. On the Attribute Mapping page, click "FINISH".
   

   

8. Your newly created App will default to OFF for everyone:
   

   

9. Click on EDIT SERVICE to turn the app on for the users you wish to be able to log in to Scuba.
   

   

What's Next

Don't forget to send us your SAML Metadata! Once we have that, we can get everything hooked up on our side. We will work with you to plan a time to switch over to the new authentication flow and have someone on your team validate that everything is working properly.