Google Workspace

Cube Cloud supports authenticating users through Google Workspace, which is useful when you want your users to access Cube Cloud using single sign on. This guide will walk you through the steps of configuring SAML authentication in Cube Cloud with Google Workspace. You must be a super administrator in your Google Workspace to access the Admin Console and create a SAML integration.

<InfoBox>

Available on Enterprise and above plans.

</InfoBox>

Enable SAML in Cube Cloud

First, we'll enable SAML authentication in Cube Cloud. To do this, log in to Cube Cloud and

1. Click your username from the top-right corner, then click <Btn>Team & Security</Btn>.

2. On the <Btn>Authentication & SSO</Btn> tab, ensure <Btn>SAML</Btn> is enabled:

<Screenshot alt="Cube Cloud Team Authentication and SSO tab" src="https://ucarecdn.com/f5ff1413-f37c-4476-afcc-0ff29e87e80a/" />

Take note of the <Btn>Single Sign On URL</Btn> and <Btn>Service Provider Entity ID</Btn> values here, as we will need them in the next step when we configure the SAML integration in Google Workspace.

Create a SAML Integration in Google Workspace

Next, we'll create a SAML app integration for Cube Cloud in Google Workspace.

1. Log in to admin.google.com as an administrator, then navigate to

   <Btn>Apps → Web and Mobile Apps</Btn> from the left sidebar.

2. Click <Btn>Add App</Btn>, then click <Btn>Add custom SAML app</Btn>:

<Screenshot src="https://ucarecdn.com/5898f666-a2b4-44b5-ae9e-03832d9966bc/" />

3. Enter a name for your application and click <Btn>Next</Btn>. You can optionally add a description and upload a logo for the application, but this is not required. Click <Btn>Continue</Btn> to go to the next screen.

<Screenshot src="https://ucarecdn.com/b8fe1ad6-6f31-42ed-908c-3e1b72a3d2f1/" />

4. Take note of the <Btn>SSO URL</Btn>, <Btn>Entity ID</Btn> and <Btn>Certificate</Btn> values here, as we will need them when we finalize the SAML integration in Cube Cloud. Click <Btn>Continue</Btn> to go to the next screen.

<Screenshot src="https://ucarecdn.com/3f046773-d2d1-424f-a8f8-b023e4896eb1/" />

5. Enter the following values for the <Btn>Service provider details</Btn> section and click <Btn>Continue</Btn>.

Name	Description
ACS URL	Use the <Btn>Single Sign On URL</Btn> value from Cube Cloud
Entity ID	Use the <Btn>Service Provider Entity ID</Btn> value from Cube Cloud

5. On the final screen, click <Btn>Finish</Btn>.

6. From the app details page, click <Btn>User access</Btn> and ensure the app is <Btn>ON for everyone</Btn>:

<Screenshot src="https://ucarecdn.com/8e1696fa-828c-4be5-a1d8-81c7b054dadb/" />

Enable SAML in Cube Cloud

In this step, we'll finalise the configuration by entering the values from our SAML integration in Google into Cube Cloud.

1. From the same <Btn>Authentication & SSO > SAML</Btn> tab, click the <Btn>Advanced Settings</Btn> tab:

<Screenshot src="https://ucarecdn.com/5359c52e-69c1-45fa-baf2-d3bb07d72634/" />

2. Enter the following values in the <Btn>SAML Settings</Btn> section:

Name	Description
Audience (SP Entity ID)	Delete the prefilled value and leave empty
IdP Issuer (IdP Entity ID)	Use the <Btn>Issuer</Btn> value from Google Workspace
Identity Provider Login URL	Use the <Btn>Sign on URL</Btn> value from Google Workspace
Certificate	Use the <Btn>Signing Certificate</Btn> value from Google Workspace

3. Scroll down and click <Btn>Save SAML Settings</Btn> to save the changes.

Test SAML authentication

To start using SAML authentication, use the single sign-on URL provided by Cube Cloud (typically <YOUR_CUBE_CLOUD_URL>/sso/saml) to log in to Cube Cloud.