This article explains how to configure a custom SAML application in Google so that your users can authenticate into Buzz with their Google credentials.
Many of the following steps are modified from the provided Google directions found at Set up your own custom SAML application. If any of them are out of date, you may refer to the Google article.
- Your institution must have a G Suite account.
- For a Buzz user to authenticate using Google SSO, their Buzz username must match their G Suite email address.
Set up your own custom SAML app for Buzz
- Click the plus (+) icon in the bottom corner.
- Click Setup my own custom app.
- Download the IDP metadata. This will be used later for configuring Buzz.
- Click Next.
- In the Basic Application Information window, add an application name (e.g., Buzz) and description.
- (Optional) Click Choose file next to the Upload Logo field to upload a PNG or GIF file to serve as an icon. The file size should be 256 pixels square.
- Click Next.
- In the Service Provider Details window, add an ACS URL, an Entity ID, and a Start URL. The ACS URL, the Entity ID and other information can be found at https://api.agilixbuzz.com/SAML/USERSPACE/metadata.xml, but can be found below for easier configuration.
- ACS (AssertionConsumerService) URL: https://api.agilixbuzz.com/SAML/USERSPACE/Consumer
- Entity ID: https://api.agilixbuzz.com/SAML/USERSPACE
- Start URL: https://USERSPACE.agilixbuzz.com/home
- Replace “USERSPACE” with your domain’s userspace wherever it appears.
- If you have a custom URL for Buzz, then your Start URL would be https://USERSPACE.CUSTOM_URL.com/home, replacing “CUSTOM_URL” with your custom URL.
- Leave Signed Response unchecked.
- Click Next.
- Click Finish.
Turn on SSO to your new SAML app
- At the top right of the gray box, click Edit Service.
- At the left, the top-level organization and any organizational units appear. Ensure that your user account email IDs match those in the domain for your Google service.
- Select ON for everyone to enable SSO for the listed organizations.
- Click Save.
Once enabled, some users will be able to attempt to authenticated into Buzz with their Google credentials. However, they will not successfully be able to do so until you have configured Buzz to use the Google SSO in the following section.
Configure Buzz to use the new Google SSO
- Go to the Admin app in Buzz for the USERSPACE you configured in Google.
- On the Details screen, click the (⋮) icon in the top right and click Edit settings.
- On the Authentication card, select SAML as your authentication Type.
- Locate the previously downloaded IPD metadata file (see step 5 of the Set up your own custom SAML app for Buzz section).
- Rename the file to idp-meta.xml.
- Click the upload icon for the idp-meta.xml field.
- Click Choose File, locate and select the “idp-meta.xml” file provided from Google, which you renamed in step 6 and click Open.
- Click Upload.
- Select the Open login in a new window checkbox.
This option is required as Google does not allow their sign-on screen to be displayed within another website.
Verify SSO between your Google service and Buzz
- Go to your Buzz login page.
- Click Login to launch the Google SSO.
- Enter your G Suite credentials.
- After your G Suite credentials are authenticated you will be automatically redirected back to your Buzz home page.