TABLE OF CONTENTS
Available on Basic, Business plans
Admin privileges required
To use SAML 2.0 Authentication with Google Apps go to Web and Mobile apps > Add custom SAML app
1. Update Service Provider Details
Give your app a name (e.g. Stack Overflow for Teams) and press continue.
Check to make sure defaults in Google Identity Provider details are correct. Then press continue.
In your Google App go to Service Provider Details:
- ACS URL: Set this to be the Assertion Consumer Service URL of your Team, which can be found on https://stackoverflow.com/c/[your_site]/admin/auth-settings.
- Entity ID: This is something you can make up. The URI doesn't need to exist, but it *must* be copy-pasted into your Team auth settings, as the Issuer.
- Start URL: Not needed can be left blank
2. Update Attribute Mapping
Now go to Add New Mapping. You must have at least one parameter for the user display name and one for the user email. These are the custom parameters we have configured for this example:
3. Configure Authentication Settings for your Stack Overflow Team
Download Metadata File for Reference
We must now set up our Team for using this Google SAML app. Open the Team Auth Settings page on a separate tab: https://stackoverflow.com/c/[your_site]/admin/auth-settings
You'll need to fill the following fields according to what you got on your Google App:
- Single Sign-On Service Url: Retrieve this URL from your Metadata File
- Single Sign-On Service Protocol Binding: POST
- Issuer: This is the Entity ID created in step 1
- Audience Restriction: This is the Entity ID created in step 1
- Display Name Assertion: should match the attribute, on the Attribute Mapping tab, for the user display name
- Email Address Assertion: should match the attribute, on the Attribute Mapping tab, for the user email
- Identity Provider Certificates: copy and paste the certificate for your Google SAML setup. This can be found by downloading the Metadata File
4. Test Configure Authentication Settings for your Stack Overflow Team
Validate your certificate by pressing Validate certificate (you should get a green box with a success message).
Now press Authenticate and enable. You should all be good to go to https://stackoverflow.com/c/[your_site] with your SSO.
If any issue arises you can use Debug SAML auth settings and View SAML request to find out where the issue might be occurring.