Prerequisites
To setup SSO for your organization, you’ll need:- A Google Workspace account
- Google Workspace administration access
- A Superblocks organization on the Enterprise plan
Setup Google Workspace
Set up single sign-on for Google by creating either a SAML or OIDC application. For full details, see Google’s guides for how to:Create an OAuth app
- Log in to Google Cloud and go to the API Console
- Select a Google Cloud project or create a new one
- Navigate to the APIs & services page from the left side menu
- On the left, click Credentials
- Click Create Credentials, then select OAuth client ID
- Select Web application as the Application type
-
Configure the following settings for your application
Name Superblocks, or a custom name Authorized JavaScript origins https://login.superblocks.comAuthorized redirect URIs https://login.superblocks.com/login/callback - Click Create. A modal will open with your OAUth client information. Keep this modal open and go to the section below to determine what info to send to Superblocks.
Create a SAML app
- Log in to Google Workspace and go to the Admin Console
- Navigate to Apps → Web and mobile apps
- Click Add App → Add custom SAML app
- Provide the general information for the integration and click Continue
- On the Google Identity Provider details download the IDP metadata file, or copy and save the info to send to Superblocks
- Click Continue
-
Enter the following information into the Service Provider Details
ACS URL https://login.superblocks.com/login/callback?connection={CompanyName}-SAMLEntity ID urn:auth0:superblocks-prod:{CompanyName}-SAMLName ID format EMAIL Name ID Basic Information > Primary email - Click Continue
-
Click Add mapping and configure the following user attributes
Google Directory attributes App attributes Primary email email First name givenname Last name surname - Click Finish and continue to send your SAML app info to Superblocks.
Send IDP info to Superblocks
OAuth application
Send the following information to support@superblocks.com| Client ID | The public identifier for your client located on the General tab of your application. |
|---|---|
| Client Secret | The secret value shows in the
CLIENT SECRETS section. Note: we recommend using a secure
transfer mechanism such as https://onetimesecret.com or similar to send
the secret. |
| Google Workspace domain | Google Workspace domain name for your organization. |
| Domains | A list of domain and domain aliases your employees should be able to use when logging in to Superblocks. |
SAML application
Send the following information to support@superblocks.com| Connection Name | The connection name you created above and configured in the ACS URL and Entity ID. |
|---|---|
| SSO URL | The Identity Provider Single Sign-On URL provided when you created the SAML app. |
| X509 Signing Certificate | The certificate downloaded from the Identity Provider details |
| Domains | A list of domain and domain aliases your employees should be able to use when logging into Superblocks. |