Commit bda1a51

Update for CR-5394 SAML google sync teams
Added content
1 parent 2590724, commit bda1a51

4 files changed

+68
-2
lines changed

‎_docs/administration/single-sign-on/sso-google.md‎

Lines changed: 68 additions & 2 deletions
Original file line number | Diff line number | Diff line change
@@ -107,9 +107,16 @@ This concludes the basic SSO setup for Google. For team/group synchronization yo
107107
##Synchronize teams with the Codefresh CLI
108108

109109
In the Codefresh configuration screen there are some optional fields that you can fill, in order to
110-
get team synchronization via the Codefresh CLI. You need to create a service account and[delegate user and group permissions](https://developers.google.com/admin-sdk/directory/v1/guides/delegation) to it.
110+
get team synchronization via the Codefresh CLI.
111+
112+
You need to do the following:
113+
114+
* Create a service account and[delegate user and group permissions](https://developers.google.com/admin-sdk/directory/v1/guides/delegation) to it.
115+
* Create a custom schema for user accounts, create a user role, and assign the user role to every user
116+
* In Codefresh, configure the SAML sync settings to sync to the custom schema name
117+
118+
###Create a Service account from Google Console
111119

112-
Create a Service account from Google Console:
113120

114121
{% include image.html
115122
lightbox="true"
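Review bot: The new bullet list at 114+ to 116+ is introduced with "You need to do the following" while the sentence just above it (109/110+) still calls these fields optional, and it does not say which steps belong to which setup. The first bullet is the existing service-account delegation, while the second and third introduce a custom schema and "the SAML sync settings". Suggest stating before the list whether the custom schema and SAML sync steps apply only when Google is configured through SAML, and choosing either "optional" or "need" for the whole paragraph. Because the first bullet tells admins to "delegate user and group permissions" to a service account, it would also help to name the scopes the team sync actually requires so readers grant no more than that.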
@@ -145,6 +152,65 @@ Save the file locally. Go back to the Codefresh settings and fill in the fields
145152
*`JSON Keyfile` - enter contents of the JSON file
146153
*`Admin email` - The user that has access to`admin.google.com`
147154

155+
###Create a custom schema for user accounts
156+
In the Google Directory API and create the custom schema for user accounts.
157+
158+
1. Navigate to the[Google Directory API](https://developers.google.com/admin-sdk/directory/v1/reference/schemas/insert?authuser=1).
159+
1. Add the following schema:
160+
```
161+
{
162+
"schemaName": "SSO",
163+
"displayName": "SSO",
164+
"fields": [
165+
{
166+
"fieldType": "STRING",
167+
"fieldName": "UserRole",
168+
"displayName": "UserRole",
169+
"multiValued": true,
170+
"readAccessType": "ADMINS_AND_SELF"
171+
}
172+
]
173+
}
174+
```
175+
1. In the GSuite Admin panel, go to`Apps > SAML`.
176+
177+
{% include image.html
178+
lightbox="true"
179+
file="/images/administration/sso/google/google-gsuite-admin.png"
180+
url="/images/administration/sso/google/google-gsuite-admin.png"
181+
alt="SAML apps in GSuite Admin panel"
182+
caption="SAML apps in GSuite Admin panel"
183+
max-width="40%"
184+
%}
185+
186+
{:start="4"}
187+
1. Expand the Attribute Mapping settings, and add a Role attribute with the above schema for`SSO` and`UserRole`.
188+
1. For every user in turn, in the User Information screen, scroll to`SSO > UserRole`, and assign the user role.
189+
190+
{% include image.html
191+
lightbox="true"
192+
file="/images/administration/sso/google/google-gusite-user-info.png"
193+
url="/images/administration/sso/google/google-gusite-user-info.png"
194+
alt="User Information screen in GSuite"
195+
caption="User Information screen in GSuite"
196+
max-width="40%"
197+
%}
198+
199+
###Configure sync setting in Codefresh SAML
200+
{:start="6"}
201+
1. In the Codefresh UI, open the SAML configuration screen.
202+
1. In the`Sync` field, set the value to the custom schemaName.
203+
204+
{% include image.html
205+
lightbox="true"
206+
file="/images/administration/sso/google/google-cf-saml-setting.png"
207+
url="/images/administration/sso/google/google-cf-saml-setting.png"
208+
alt="SAML Sync Setting in Codefresh for Google GSuite"
209+
caption="SAML Sync Setting in Codefresh for Google GSuite"
210+
max-width="40%"
211+
%}
212+
213+
148214
Now you can[synchronize teams with the Codefresh CLI]({{site.baseurl}}/docs/administration/single-sign-on/sso-setup-oauth2/#syncing-of-teams-after-initial-sso-setup) .
149215

150216
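Review bot: Step 5 at 188+ says to "assign the user role" but the section never states what values go into `UserRole` or how they map to Codefresh teams, which is the piece an admin needs given the schema sets `"multiValued": true` and `"readAccessType": "ADMINS_AND_SELF"` (each user can read their own value). Suggest adding one sentence on the expected values and an example. Smaller points in the same hunk: 156+ is a sentence fragment ("In the Google Directory API and create the custom schema..."); the link at 158+ carries `?authuser=1`, which is specific to the author's browser session and should be dropped; the code fence at 160+ has no language tag; `{:start="6"}` at 200+ continues the numbering of the previous section under a new heading, so the "Configure sync setting" steps start at 6 with no 1 to 5 above them; 202+ should name the literal value from the schema above (`SSO`) instead of "the custom schemaName"; and the image path at 192+/193+ reads `google-gusite-user-info.png`, so please confirm the added file uses the same spelling.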
