Google SSO

Create a custom attribute for Lenses groups

Open the Google Admin console from an administrator account.

• Click the Users button

• Select the More dropdown and choose Manage custom attributes

• Click the Add custom attribute button

• Fill the form to add a Text, Multi-value field for Lenses Groups, then click Add

Learn more about Google custom attributes

Assign Lenses groups attributes to Google users

Open the Google Admin console from an administrator account.

• Click the Users button

• Select the user to update

• Click User information

• Click the Lenses Groups attribute

• Enter one or more groups and click Save

Add Google custom SAML app

Learn more about Google custom SAML apps

• Open the Google Admin console from an administrator account.

• Click the Apps button

• Click the SAML apps button

• Select the Add App dropdown and choose Add custom SAML app

• Run through the below steps

App Details

• Enter a descriptive name for the Lenses installation

• Upload a Lenses icon

Configure SAML

Service provider details

Given the base URL of the Lenses installation, e.g. https://lenses-dev.example.com, fill out the settings:

Attribute mapping

• Add a mapping from the custom attribute for Lenses groups to the app attribute groups

Enable the app

• From the newly added app details screen, select User access

• Turn on the service

Download the Federation Metadata XML file with the Google IdP details.

Download SAML Certificates

Click Download Metadata and save the metadata file for configuring Lenses.Configure SAML in HQ.

Configure SAML in HQ

SAML configuration is set in HQ's config.yaml file. See here for more details.