Configuring a SAML application on Google Workspace
- Log in to the Google Admin account, click "Apps" in the left sidebar and, under it, "Web and mobile apps". Then, in the main window, click "Add app" and choose "Add custom SAML app".
- In "Add custom SAML app", enter an App name and press Continue.
- In the IdP page, click on the download metadata button.
- Once the file is downloaded, navigate to the Metadata File section found within the SAML tab in the Account Management Settings. Paste the downloaded metadata values into the designated text field labeled Metadata File.
Please note that the Identifier (Entity ID) value, along with the Single Sign-On URL, can be located within the SAML tab under the Account Management Settings section within the Blink Platform. The ACS URL is not available under the SAML tab, so it is listed below:
The Entity ID: urn:amazon:cognito:sp:eu-west-1_NEemCMO1L
The ACS URL: https://cognito.blinkops.com/saml2/idpresponse
Single Sign-On URL: Please look in the Account Management Settings section within the Blink Platform to find your unique Single Sign-On URL.
- Using the ACS URL, as well as the Identifier (Entity ID) value and the Single Sign-On URL value available in the SAML tab under the Account Management Settings section within the Blink Platform, copy and insert these values into the designated text fields. Please note: paste the Single Sign-On URL value into the Start URL text field.
Press Continue.
In the Attribute mapping page, map "First name" to "given_name", "Last name" to "family_name" and "Primary email" to "email".
- Next, scroll to the Group Membership section, select your Google Groups, set the App attribute value to "group" and press FINISH. Then head to the SAML tab under the Account Management Settings section within the Blink Platform, click the Role Mapping section and select the applicable values.
Please note that in the Mapping section, at least one mapping role must be designated as an admin with administrative privileges. Additionally, the user configuring the group must be a part of the group mapped to the Admin role. Otherwise, you won't be able to operate as an administrator in your account or access and edit the role mapping again.
- After you have finished creating the SAML app, you can set up User access by changing the status to ON for all organizational units.
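
To confirm that the values configured above took effect, you can inspect a SAML response from your own test login. The following is an added example, not Blink or Google code: it checks a base64-decoded response against the Entity ID, ACS URL and attribute names given on this page. The function names and the sample response are constructed for illustration, and the check does not verify signatures.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ENTITY_ID = "urn:amazon:cognito:sp:eu-west-1_NEemCMO1L"      # from this page
ACS_URL = "https://cognito.blinkops.com/saml2/idpresponse"   # from this page
REQUIRED_ATTRS = ("given_name", "family_name", "email", "group")

def check_response(xml_text):
    """List configuration problems in a decoded SAML response.

    Configuration check only: signatures are NOT verified here. Parse only
    responses captured from your own test login.
    """
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != ACS_URL:
        problems.append("Destination does not match the ACS URL")
    audiences = [a.text for a in root.iterfind(".//saml:Audience", NS)]
    if ENTITY_ID not in audiences:
        problems.append("Audience does not contain the Entity ID")
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        values = [v.text for v in attr.iterfind("saml:AttributeValue", NS) if v.text]
        attrs[attr.get("Name")] = values
    for name in REQUIRED_ATTRS:
        if not attrs.get(name):  # absent, or present with no value
            problems.append(f"missing or empty attribute: {name}")
    return problems

def sample(attr_names, destination=ACS_URL):
    """Build a constructed (unsigned) response carrying the given attribute names."""
    attrs = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>x</saml:AttributeValue>'
        f'</saml:Attribute>' for n in attr_names)
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
            f'Destination="{destination}"><saml:Assertion><saml:Conditions>'
            f'<saml:AudienceRestriction><saml:Audience>{ENTITY_ID}</saml:Audience>'
            f'</saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement>'
            f'{attrs}</saml:AttributeStatement></saml:Assertion></samlp:Response>')

if __name__ == "__main__":
    # A mapping typo ("firstName") and a skipped Group Membership step.
    for problem in check_response(sample(["firstName", "family_name", "email"])):
        print(problem)
```

A missing "group" attribute in this check usually means the Group Membership step was skipped or the test user is not in any of the selected Google Groups, which is the situation the Role Mapping note above warns about.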