This article explains how to configure a custom SAML application in Google so that your users can authenticate into Buzz with their Google credentials.
Many of the following steps are modified from the provided Google directions found at Set up your own custom SAML application. If any of them are out of date, you may refer to the Google article.
- Your institution must have a G Suite account.
- For a Buzz user to authenticate using Google SSO, their Buzz username must match their G Suite email address.
Set up your own custom SAML app for Buzz
- Open Web and mobile apps.
- Open the Add app dropdown, and select Add custom SAML app.
- Enter the App name (Buzz).
- Download the IDP metadata. You will use this when configuring Buzz.
- In the Service Provider Details window, add an ACS URL, an Entity ID, and a Start URL. Use the following URLS (this information can also be found at (https://api.agilixbuzz.com/SAML/USERSPACE/metadata.xml):
- ACS (AssertionConsumerService) URL: https://api.agilixbuzz.com/SAML/USERSPACE/Consumer
- Entity ID: https://api.agilixbuzz.com/SAML/USERSPACE
- Start URL: https://USERSPACE.agilixbuzz.com/home
- Replace “USERSPACE” with your domain’s userspace wherever it appears.
- If you have a custom URL for Buzz, then your Start URL would be https://USERSPACE.CUSTOM_URL.com/home, replacing CUSTOM_URL with your custom URL.
- Leave Signed response unchecked.
- If you want to attach additional information to app (e.g., names, email, titles, etc):
- Click Add mapping.
- Open the Google directory attributes dropdown, and select the desired attribute for everything you want to add.
- Provide the information in the App attributes fields.
- Click Finish.
You can define a maximum of 1500 attributes over all apps. Because each app has one default attribute, the total amount includes the default attribute plus any custom attributes you add. In the Basic Application Information window, add an application name (e.g., Buzz) and description.
Google shows you a summary of the SAML configuration. From this screen you can make changes, including turning the app on or off for everyone.
Turn on SSO to your new SAML app
- Open Web and mobile apps.
- Click your new SAML app.
- Click the User access card.
- At the left, the top-level organization and any organizational units appear. Ensure that your user account email IDs match those in the domain for your Google service (e.g., firstname.lastname@example.org).
- Select ON for everyone to enable SSO for the listed organizations.
Once enabled, some users will be able to attempt to authenticate into Buzz with their Google credentials. However, they will not successfully be able to do so until you have configured Buzz to use the Google SSO in the following section.
Configure Buzz to use the new Google SSO
- Go to the Admin app in Buzz for the USERSPACE you configured in Google.
- Open the vertical menu in the toolbar of Domain Details and select Domain Settings.
- On the Authentication card, select SAML as your authentication Type. Do not choose the "old version" of SAML.
- Click Add identity provider (IdP).
- Provide the Login prompt. This is what appears on the login button. If you have only one IdP, this defaults to Login, if you have more, you can label them appropriately.
- Upload the idp-meta XML file that you downloaded from Google.
- The Metadata resource path and Provider ID are automatically populated.
- Click Done.
- Provide a Logout redirect URL if you want users to be taken to somewhere other than the Buzz login screen when they sign out.
- Indicate if you want to Prevent users from using Buzz credentials.
- If you don't select this, you have the option to Allow users to create their own accounts rather than requiring they be created for them. You will also be able to set up your password policy.
Verify SSO between your Google service and Buzz
- Go to your Buzz login page.
- Click Login to launch the Google SSO.
- Enter your G Suite credentials.
- After your G Suite credentials are authenticated you will be automatically redirected back to your Buzz home page.