In the Codefresh configuration screen there are some optional fields that you can fill, in order to

get team synchronization via the Codefresh CLI.

In the Codefresh configuration screen there are some optional fields that you can fill, to configure team synchronization via the Codefresh CLI.

Based on your requirements, do one of the following:

You need to do the following:

* Create a service account and[delegate user and group permissions](https://developers.google.com/admin-sdk/directory/v1/guides/delegation) to it.

* Create a custom schema for user accounts, create a user role, and assign the user role to every user

* In Codefresh, configure the SAML sync settings to sync to the custom schema name

* To sync_all users and groups_, create a service account and[delegate user and group permissions](https://developers.google.com/admin-sdk/directory/v1/guides/delegation) to it.

OR

To sync_only users who have been assigned the custom schema_, create a custom schema for user accounts, create a user role and assign the user role to every user

In Codefresh, configure the SAML sync settings to sync to the custom schema name

To sync all

{% include image.html

lightbox="true"

max-width="90%"

%}

Save the file locally. Go back to the Codefresh settings and fill in the fields

*`JSON Keyfile` - enter contents of the JSON file

*`Admin email` - The user that has access to`admin.google.com`

In the Google Directory API and create the custom schema foruseraccounts.

Use this method to sync only those users who have been assigned theuserrole with the custom schema.

1. Navigate to the[Google Directory API](https://developers.google.com/admin-sdk/directory/v1/reference/schemas/insert?authuser=1).

1. Add the following schema:

{:start="4"}

1. Expand the Attribute Mapping settings, and add a Role attribute with the above schema for`SSO` and`UserRole`.

1. For every userin turn, in the User Information screen, scroll to`SSO > UserRole`, and assign the user role.

1. For every userto be synced, in the User Information screen, scroll to`SSO > UserRole`, and assign the user role.

{% include image.html

lightbox="true"

max-width="40%"

%}

{:start="6"}

This is required only if you are syncing users via a custom schema.

1. In the Codefresh UI, open the SAML configuration screen.

1. In the`Sync` field, set the value to the custom schemaName.

**IDP Entry* - The SSO endpoint of your Identity Provider. (Ex: For Azure SAML, this is the Login URL)

**Application Certificate* - The security certificate of your Identity Provider. Paste the value directly on the field. Do not convert to base64 or any other encoding by hand. (Ex: For Azure SAML, this will be Certificate (Base64) and the value needed is between the -----BEGIN ... and -----END... from the downloaded cert)

**Assertion URL* -`https://g.codefresh.io/api/auth/<your_codefresh_client_name>/callback​` (where ​<your_codefresh_client_name>​ is taken from the SSO configuration you created on the section above. It was automatically generated by Codefresh after saving the SSO settings).

**Auto Sync users and teams to Codefresh* - This only works for Google / GSuite SAML integration.

When syncing users with custom schema, in the*Sync* field, add the custom schemaName. Otherwise, if you are syncing all users and groups, leave this field empty.

Click the*SAVE* button and make sure to note down the`Client Name` that was autogenerated.

Then in the settings of your Identity Provider create a new Service Provider and provide the following: