In the Codefresh configuration screen there are some optional fields that you can fill, in order to

get team synchronization via the Codefresh CLI. You need to create a service account and[delegate user and group permissions](https://developers.google.com/admin-sdk/directory/v1/guides/delegation) to it.

In the Codefresh configuration screen there are some optional fields that you can fill, to configure team synchronization via the Codefresh CLI.

You can do one of the following:

Create a Service account from Google Console:

* Sync_all users and groups_, by creating a service account and[delegating user and group permissions](https://developers.google.com/admin-sdk/directory/v1/guides/delegation) to it.

* Sync_only users who have been assigned the custom schema_, by creating a custom schema for user accounts, and creating and assigning the user role.

Use this method to sync all users.

{% include image.html

lightbox="true"

max-width="90%"

%}

Save the file locally. Go back to the Codefresh settings and fill in the fields

*`JSON Keyfile` - enter contents of the JSON file

*`Admin email` - The user that has access to`admin.google.com`

Use this method to sync only those users who have been assigned the user role with the custom schema.

1. Navigate to the[Google Directory API](https://developers.google.com/admin-sdk/directory/v1/reference/schemas/insert?authuser=1).

1. Add the following schema:

1. In the GSuite Admin panel, go to`Apps > SAML`.

{% include image.html

lightbox="true"

file="/images/administration/sso/google/google-gsuite-admin.png"

url="/images/administration/sso/google/google-gsuite-admin.png"

alt="SAML apps in GSuite Admin panel"

caption="SAML apps in GSuite Admin panel"

max-width="40%"

%}

{:start="4"}

1. Expand the Attribute Mapping settings, and add a Role attribute with the above schema for`SSO` and`UserRole`.

1. For every user to be synced, in the User Information screen, scroll to`SSO > UserRole`, and assign the user role.

{% include image.html

lightbox="true"

file="/images/administration/sso/google/google-gusite-user-info.png"

url="/images/administration/sso/google/google-gusite-user-info.png"

alt="User Information screen in GSuite"

caption="User Information screen in GSuite"

max-width="40%"

%}

This is required only if you are syncing users via a custom schema.

1. In the Codefresh UI, open the SAML configuration screen.

1. In the`Sync` field, set the value to the custom schemaName.

{% include image.html

lightbox="true"

file="/images/administration/sso/google/google-cf-saml-setting.png"

url="/images/administration/sso/google/google-cf-saml-setting.png"

alt="SAML Sync Setting in Codefresh for Google GSuite"

caption="SAML Sync Setting in Codefresh for Google GSuite"

max-width="40%"

%}

Now you can[synchronize teams with the Codefresh CLI]({{site.baseurl}}/docs/administration/single-sign-on/sso-setup-oauth2/#syncing-of-teams-after-initial-sso-setup) .

**IDP Entry* - The SSO endpoint of your Identity Provider. (Ex: For Azure SAML, this is the Login URL)

**Application Certificate* - The security certificate of your Identity Provider. Paste the value directly on the field. Do not convert to base64 or any other encoding by hand. (Ex: For Azure SAML, this will be Certificate (Base64) and the value needed is between the -----BEGIN ... and -----END... from the downloaded cert)

**Assertion URL* -`https://g.codefresh.io/api/auth/<your_codefresh_client_name>/callback​` (where ​<your_codefresh_client_name>​ is taken from the SSO configuration you created on the section above. It was automatically generated by Codefresh after saving the SSO settings).

**Auto Sync users and teams to Codefresh* - This only works for Google / GSuite SAML integration.

When syncing users with custom schema, in the*Sync* field, add the custom schemaName. Otherwise, if you are syncing all users and groups, leave this field empty.

Click the*SAVE* button and make sure to note down the`Client Name` that was autogenerated.

Then in the settings of your Identity Provider create a new Service Provider and provide the following: