Using Google Workspace (G Suite) as your identity provider

Prerequisites

To connect BigAnimal to Google Workspace's identity provider, you must have:

Set up BigAnimal with Google Workspace's identity provider

Open the link in the email sent from cloudcare@enterprisedb.com to access the Set Up Identity Provider page in BigAnimal.

  1. In a separate browser tab or window, log into the Google Workspace Admin console.

  2. Select Applications, and then select Web and mobile apps.

  3. Select Add App, and then select Add custom SAML app.

  4. On the App Details page, enter a name for your application.

  5. Select Continue.

  6. On the Google Identity Provider details page, note the Single Sign-On (SSO) URL and Entity ID, and download the (signature) certificate (or SHA-256 fingerprint). You will need this information and the file while configuring BigAnimal later in this procedure.

  7. Select Continue.

  8. The Service Provider Details page opens.

  9. Switch to the BigAnimal browser tab.

    1. Copy and paste the following information from the Connection Info tab on the Set Up Identity Provider page to the Service Provider Details tab in Google:

      | Copy from BigAnimal | Paste in Google |
      |---|---|
      | Audience URI | Entity ID |
      | Assertion Consumer Service URL | ACS URL |

      Note: The ACS URL has to start with https://.

  10. Switch to the Google Admin console tab.

  11. Check the Signed Response box so that the entire SAML authentication response is signed.

  12. From the Name ID format menu, select EMAIL. From the Name ID menu, select Primary email.

  13. Select Continue.

  14. On the Attribute mapping page, select Add another mapping to map additional attributes.

  15. Under Google Directory attributes, use the Select field menu to choose the following field names and enter the corresponding App attributes.

    | Google Directory Attributes | App attributes | Note |
    |---|---|---|
    | Primary email | <assertion_path>/emailaddress | Required claim |
    | First Name | <assertion_path>/givenname | Additional claim |
    | Last Name | <assertion_path>/surname | Additional claim |

    Where <assertion_path> is http://schemas.xmlsoap.org/ws/2005/05/identity/claims.

  16. Click Finish.

  17. By default, SAML Apps are turned off for everyone.

  18. Select your SAML app and select User access to assign people or groups to the newly created application. If you need to sign into BigAnimal, be sure to assign yourself.

  19. Switch to the BigAnimal browser tab. On the Setup Config tab on the Set Up Identity Provider page:

    1. Paste the Identity Provider Single Sign-on URL you copied from Google into the Single Sign-On URL field.
    2. For Identity Provider Signature Certificate, upload the (signature) certificate downloaded from Google.
    3. Select the appropriate method for Request Binding. BigAnimal supports HTTP-POST, HTTP-Redirect, and Hybrid.
    4. Select the appropriate value for Response Signature Algorithm. BigAnimal supports rsa-sha256 and rsa-sha1.
    5. Select Test Connection. If the connection is successful, select Sign in to BigAnimal to complete the setup process in the BigAnimal portal.
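If Test Connection fails, the settings from steps 9, 11, 12 and 15 can be checked against a SAML response from your own test sign-in. The following is an added example, not BigAnimal or Google code: it assumes you have already base64-decoded the `SAMLResponse` value, it inspects structure only and does not verify the signature cryptographically, and the function name, sample document, entity ID and host are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims"  # <assertion_path>
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"

def check_response(xml_text, audience_uri, acs_url):
    """Return findings for a decoded SAML response; an empty list means it matches."""
    if "<!DOCTYPE" in xml_text:  # a SAML response never needs a DTD
        return ["DOCTYPE present, refusing to parse"]
    root, findings = ET.fromstring(xml_text), []
    # Step 9: the response must be addressed to the https:// ACS URL.
    if not acs_url.startswith("https://") or root.get("Destination") != acs_url:
        findings.append("Destination is not the https:// ACS URL")
    # Step 11 (Signed Response): the Signature is a direct child of Response.
    method = root.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
    if method is None:
        findings.append("Response element is not signed")
    elif method.get("Algorithm") == RSA_SHA1:
        findings.append("signed with rsa-sha1, which is deprecated")
    # Step 12: Name ID format EMAIL.
    name_id = root.find("saml:Assertion/saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        findings.append("NameID format is not EMAIL")
    # Step 9: Entity ID in Google must equal BigAnimal's Audience URI.
    if audience_uri not in [a.text for a in root.iterfind(".//saml:Audience", NS)]:
        findings.append("Audience URI not present")
    # Step 15: one required and two additional claims.
    names = {a.get("Name") for a in root.iterfind(".//saml:Attribute", NS)}
    for claim in ("emailaddress", "givenname", "surname"):
        if f"{CLAIMS}/{claim}" not in names:
            findings.append(f"claim {claim} is not mapped")
    return findings

# Constructed sample, not captured traffic: rsa-sha1 signature, surname unmapped.
SAMPLE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
 xmlns:ds="{NS['ds']}" Destination="https://sp.example.test/acs">
 <ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="{RSA_SHA1}"/></ds:SignedInfo></ds:Signature>
 <saml:Assertion>
  <saml:Subject><saml:NameID Format="{EMAIL_FORMAT}">a@example.test</saml:NameID></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction><saml:Audience>urn:example:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement><saml:Attribute Name="{CLAIMS}/emailaddress"/><saml:Attribute Name="{CLAIMS}/givenname"/></saml:AttributeStatement>
 </saml:Assertion></samlp:Response>"""

if __name__ == "__main__":
    print(check_response(SAMPLE, "urn:example:sp", "https://sp.example.test/acs"))
```

Pass the Audience URI and Assertion Consumer Service URL exactly as shown on the Connection Info tab; an empty result means the response matches the settings in this procedure.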