For you to enable SSO, our support team must first turn on the option for your organization. To get SSO turned on, please reach out to our support team at firstname.lastname@example.org.
After contacting FireHydrant support to get SSO turned on for your organization, follow the steps in this article.
Setting up single sign on with Google enables users in your G Suite account to authenticate (and provision) into your FireHydrant organization.
To follow the configuration steps, you must have permission to configure SAML applications in your Google admin panel. You must also have the role of Owner on FireHydrant to enable SSO for your account.
Creating the SAML Application
To get started:
- Follow Google's instructions on how to set up your own custom SAML application. Google prompts you with steps to configure an app.
- In a separate browser tab, open FireHydrant's SSO settings page.
- In FireHydrant, check Enable SSO. Three additional fields appear, requiring:
- an IdP Login URL
- the IdP Issuer
- an IdP X509 Certificate
- Locate this information from the Google Identity Provider Details page where you're following the application setup steps.
- Copy the SSO URL into the IdP Login URL field in FireHydrant.
- Copy the Entity ID field into the IdP Issuer field on FireHydrant.
- Download the certificate that Google generates.
- Open the file in a text editor.
- Copy the entire contents of the certificate file and paste the text into FireHydrant's field for IdP X509 Certificate.
- (Optional) In the Domains section, add the email domain name for your organization. This enables a message that appears when users attempt to log in using credentials from your org, advising them to log in with SSO.
- Click Save in FireHydrant.
- In the Google UI, provide the application name and (optionally) a description.
- Click Next. Google prompts you to fill in Service Provider details.
- For the ACS URL and Entitiy ID fields, enter
- Enable the Signed Response checkbox.
- Verify that Primary Email is selected for the Name ID section. This is how your SSO configuration automatically creates accounts or logs existing users in to FireHydrant.
- For the Name ID Format field, select Email.
- Click Next.
- (Optional) On the last step of the Google setup, provide any attribute mappings you'd like to include when users are sent to FireHydrant. These are optional, but we recommend setting the first and last name attributes so when users are provisioned, their names are automatically set correctly in FireHydrant.
- Click Finish. This completes your Google SSO setup.