Using Google Workspace (G Suite) as your identity provider
To connect BigAnimal to Google Workspace's identity provider, you must have:
- A Super Administrator role assigned to you in Google Workspace.
- A unique URL and access code provided in an email from firstname.lastname@example.org.
Open the link in the email sent from email@example.com to access the Set Up Identity Provider page in BigAnimal.
In a separate browser tab or window, log into the Google Workspace Admin console.
Select Applications, and then select Web and mobile apps:
Select Add App, and then select Add custom SAML app.
On the App Details page, enter a name for your application.
On the Google Identity Provider details page, note the Single Sign-On (SSO) URL and Entity ID, and download the (signature) certificate (or SHA-256 fingerprint). You will need this information and the file while configuring BigAnimal later in this procedure.
The Service Provider Details page opens.
Switch to the BigAnimal browser tab.
Copy and paste the following information from the Connection Info tab on the Set Up Identity Provider page to the Service Provider Details tab in Google:
| Copy from BigAnimal | Paste in Google |
| --- | --- |
| Audience URI | Entity ID |
| Assertion Consumer Service URL | ACS URL |
The ACS URL has to start with https://.
Switch to the Google Admin console tab.
Check the Signed Response box so that the entire SAML authentication response is signed.
From the Name ID format menu, select EMAIL. From the Name ID menu, select Primary email.
On the Attribute mapping page, select Add another mapping to map additional attributes.
Under Google Directory attributes, use the Select field menu to choose the following field names and enter the corresponding App attributes.
| Google Directory Attributes | App attributes | Note |
| --- | --- | --- |
| Primary email | <assertion_path>/emailaddress | Required claim |
| First Name | <assertion_path>/givenname | Additional claim |
| Last Name | <assertion_path>/surname | Additional claim |
Where <assertion_path> is http://schemas.xmlsoap.org/ws/2005/05/identity/claims.
By default, SAML Apps are turned off for everyone.
Select your SAML app and select User access to assign people or groups to the newly created application. If you need to sign into BigAnimal, be sure to assign yourself.
Switch to the BigAnimal browser tab. On the Setup Config tab on the Set Up Identity Provider page:
- Paste the Identity Provider Single Sign-on URL you copied from Google into the Single Sign-On URL field.
- For Identity Provider Signature Certificate, upload the (signature) certificate downloaded from Google.
- Select the appropriate method for Request Binding. BigAnimal supports HTTP-POST, HTTP-Redirect, and Hybrid.
- Select the appropriate value for Response Signature Algorithm. BigAnimal supports rsa-sha256 and rsa-sha1. Prefer rsa-sha256, because SHA-1 is deprecated for digital signatures.
- Select Test Connection. If the connection is successful, select Sign in to BigAnimal to complete the setup process in the BigAnimal portal.
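
The following is an added example, not part of the BigAnimal documentation: a structural check of a decoded SAML response against the settings chosen in this procedure (https ACS URL, Signed Response, EMAIL Name ID, the three claim names). It assumes rsa-sha256 was selected, uses a constructed sample response with `example.invalid` names, and does not verify the signature cryptographically.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims"  # <assertion_path>
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def lint_response(xml_text):
    """Return findings; an empty list means the structure matches the settings above."""
    root = ET.fromstring(xml_text)
    findings = []
    if not root.get("Destination", "").startswith("https://"):
        findings.append("ACS URL (Destination) does not start with https://")
    # Signed Response places ds:Signature directly under the Response element,
    # not only inside the Assertion.
    sig = root.find("ds:Signature", NS)
    if sig is None:
        findings.append("Response element is not signed")
    else:
        method = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
        alg = method.get("Algorithm") if method is not None else None
        if alg != RSA_SHA256:
            findings.append(f"signature algorithm is {alg}, expected rsa-sha256")
    name_id = root.find("a:Assertion/a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        findings.append("NameID format is not EMAIL")
    names = {attr.get("Name") for attr in
             root.iterfind("a:Assertion/a:AttributeStatement/a:Attribute", NS)}
    if f"{CLAIMS}/emailaddress" not in names:
        findings.append("required claim emailaddress is missing")
    for extra in ("givenname", "surname"):
        if f"{CLAIMS}/{extra}" not in names:
            findings.append(f"additional claim {extra} is missing")
    return findings

def sample_response(alg=RSA_SHA256, dest="https://sp.example.invalid/acs",
                    claims=("emailaddress", "givenname", "surname")):
    """Constructed, minimal response for demonstration; not real IdP output."""
    attrs = "".join(f'<a:Attribute Name="{CLAIMS}/{c}"/>' for c in claims)
    return (f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}" xmlns:ds="{NS["ds"]}" Destination="{dest}">'
            f'<ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="{alg}"/></ds:SignedInfo></ds:Signature>'
            f'<a:Assertion><a:Subject><a:NameID Format="{EMAIL_FORMAT}">user@example.invalid</a:NameID></a:Subject>'
            f'<a:AttributeStatement>{attrs}</a:AttributeStatement></a:Assertion></p:Response>')

if __name__ == "__main__":
    print(lint_response(sample_response(alg=RSA_SHA1, claims=("givenname",))))
```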