Similar name, different systems
Google's SAML authentication is different than Google SSO, which is available via the "Sign In with Google" button. Both allow your users to access Robin on their own, but SAML will provide more control for Enterprise users.
As of October 2015, Google Apps can act as a SAML Identity Provider. This is great news for organizations that haven't implemented SAML yet, because you can set up authentication without introducing a third-party service such as Okta or OneLogin.
This guide will show you how to set up SAML authentication for Robin using Google Apps. It follows the same steps as any custom provider, but includes specific screenshots.
Where to find SAML Apps in Google
As an administrator on your Google account, go to the admin portal and click through to Apps > SAML Apps.
You will see a list of any existing SAML apps. Click the big plus sign in the bottom right to add a new one.
Add a new service app
Click "Setup my own custom app" near the bottom of the window.
Google IDP Information
You'll then see your specific Identity Provider information. You will need the info in Option 1 to configure Robin in a moment. Open a new browser window so you can keep both handy.
Basic App Information
Name the SAML app and upload an icon to make it easy to find. You can download our official icon below:
Service Provider Details
- ACS URL (Assertion Consumer Service): https://dashboard.robinpowered.com/sso/saml/custom
- Entity ID: https://robinpowered.com
- Start URL: Leave empty
- Signed Response: Check this box
- Name ID: Select "Basic Information" and "Primary Email"
In the final step, you will need to map three metadata attributes to your Google Apps users. They are case sensitive:
- Email: Basic Information > Primary Email
- FirstName: Basic Information > First Name
- LastName: Basic Information > Last Name
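To confirm the Google-side settings above after a test login, you can capture the base64-decoded SAMLResponse and run it through a small checker. The following is an added example, not Robin's or Google's code; the function name and the sample response are constructed for illustration, and it only inspects the configuration, it does not verify the signature.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
ACS_URL = "https://dashboard.robinpowered.com/sso/saml/custom"
ENTITY_ID = "https://robinpowered.com"
REQUIRED_ATTRS = ("Email", "FirstName", "LastName")  # case sensitive

def check_response(xml_text):
    """Return a list of configuration problems in a decoded SAML response."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != ACS_URL:
        problems.append("Destination does not match the ACS URL")
    # A signed response carries ds:Signature as a direct child of samlp:Response.
    if root.find("ds:Signature", NS) is None:
        problems.append("Response is not signed (Signed Response unchecked?)")
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if ENTITY_ID not in audiences:
        problems.append("Audience does not match the Entity ID")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or "@" not in (name_id.text or ""):
        problems.append("NameID is not an email address")
    names = {a.get("Name") for a in root.iterfind(".//saml:Attribute", NS)}
    for want in REQUIRED_ATTRS:
        if want not in names:
            near = [n for n in names if n and n.lower() == want.lower()]
            hint = f" (found {near[0]!r}, wrong case)" if near else ""
            problems.append(f"missing attribute {want}{hint}")
    return problems

# Constructed, trimmed sample: "Firstname" mis-cased, no response signature, values omitted.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 Destination="https://dashboard.robinpowered.com/sso/saml/custom"><saml:Assertion>
 <saml:Subject><saml:NameID>ana@example.com</saml:NameID></saml:Subject>
 <saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>https://robinpowered.com</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement>
  <saml:Attribute Name="Email"/><saml:Attribute Name="Firstname"/>
  <saml:Attribute Name="LastName"/>
 </saml:AttributeStatement>
</saml:Assertion></samlp:Response>"""

if __name__ == "__main__":
    for problem in check_response(SAMPLE):
        print(problem)
```

An empty list means the response matches the settings in this guide; each reported line points back to one field in the Service Provider Details or attribute mapping steps.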
Adding your IDP to Robin
As an administrator in Robin's dashboard, go to Settings > Integrations and scroll down to the Authentication methods to find an option for SAML SSO.
Click "Add" to bring up configuration options. Leave "Custom" selected and paste in your fields:
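- SAML SSO URL: Use the SSO URL from Option 1 of the Google IDP Information step
- Identity Provider Issuer: Use the Entity ID from Option 1 of the Google IDP Information step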
- Public Certificate: Use the certificate downloaded from Google in the previous step.
Save this form, then go back to Google Admin for the final step.
Enable the app for everyone
Once the app is configured, it will not work until you turn it on for your domain. You can turn it on for everyone in your organization or for specific organizations.
When turned on, Robin will show up in everyone's app dropdown along with existing SAML apps. You may need to click "More" first to see the complete list of available apps.
Clicking on this link starts an IDP-initiated workflow and opens your organization in Robin with the user authenticated. First-time users will need to complete a quick registration step first.
A sample workflow