Google SSO

Google doesn't expose the groups, or organization unit, of a user to a SAML app. This means we must set up a custom attribute for the Lenses groups that each user belongs to.

Create a custom attribute for Lenses groups

1. Open the Google Admin console from an administrator account.

2. Click the Users button

3. Select the More dropdown and choose Manage custom attributes

4. Click the Add custom attribute button

5. Fill the form to add a Text, Multi-value field for Lenses Groups, then click Add

Assign Lenses groups attributes to Google users

6. Open the Google Admin console from an administrator account.

7. Click the Users button

8. Select the user to update

9. Click User information

10. Click the Lenses Groups attribute

11. Enter one or more groups and click Save

Add Google custom SAML app

Learn more about Google custom SAML apps

12. Open the Google Admin console from an administrator account.

13. Click the Apps button

14. Click the SAML apps button

15. Select the Add App dropdown and choose Add custom SAML app

App Details

15. Enter a descriptive name for the Lenses installation

16. Upload a Lenses icon

Download IdPXML file

Configure in security.conf.

lenses.security.saml.base.url="https://lenses-dev.example.com"
lenses.security.saml.idp.provider="google"
lenses.security.saml.idp.metadata.file="/path/to/GoogleIDPMetadata.xml"
lenses.security.saml.keystore.location="/path/to/keystore.jks"
lenses.security.saml.keystore.password="my_keystore_password"
lenses.security.saml.key.password="my_saml_key_password"