Contents x
    Single Sign On Using Google Workspace
    • 2 Minutes to read
    • Print
    • Dark
      Light
    • PDF
    Contents

    Single Sign On Using Google Workspace

    • 2 Minutes to read
    • Print
    • Dark
      Light
    • PDF
    Article summary

    • SSO is only available in the Enterprise plan.
    • To manage users exclusively through SSO, please contact support and specify that you want user management to be restricted to SSO.

    Overview

    Rivery supports connecting into your account using the Single Sign On (SSO) method, using your Google Workspace configuration.

    Please Note:

    • For specific plans only.
    • In order to start this process, please reach out to your CSM.

    Configuring needed in Google Workplace

    1. Log in to your Google Admin account and go to the Apps -> Web and mobile apps.

    image.png

    1. In the panel, select Add App.

    image.png

    1. Click Add custom SAML app.

    image.png

    1. Enter “Rivery” as the application name and click Continue to switch to the Google Identity Provider details page.

    Get Sign on URL, Issuer (Entity ID) and Public certificate

    1. Make a note of the SSO URL. This is the Sign on URL in Rivery.

    2. Make a note of the Entity ID. This is the Issuer in Rivery.

    3. Make a note of the Certificate: Open the copied certificate file in any text editor.
      The certificate is a string inside the
      -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- statements.

    4. Click Continue to switch to the Service provider details page.
      certificate.png

    5. Contact your Rivery CSM and Provide him/her the SSO URL, Entity ID, and the certificate to your workspace.

    6. The CSM will provide you as a response the ACS URL.

    Configure the custom SAML application for Rivery

    1. Enter the ACS URL provided to you by your CS.
      image.png

    2. Enter “Rivery” as the Entity ID.
      image.png

    3. Set the Start URL in the following way (by the acquivilant region):

    For US console: https://console.rivery.io/
For EU console: https://eu-west-1.console.rivery.io/

    Leave and the Signed response checkbox checked.
    image.png

    1. Set the Name ID format to UNSPECIFIED.

    2. Set the Name ID to Basic Information > Primary email.
      image.png

    3. Click Continue to switch to the Attribute mapping page.

    4. In the Attribute mapping page, Click ADD MAPPING twice.

      1. Select the Basic Information/Primary email in the Google Directory attributes for the third row → Enter email in the App attributes for the third row.

    6. Select the Basic Information/First name in the Google Directory attributes for the first row → Enter firstname in the App attributes for the first row.

    7. Select the Basic Information/Last name in the Google Directory attributes for the second row → Enter lastname in the App attributes for the second row.

    8. Select the Basic Information/Primary email in the Google Directory attributes for the third row → Enter NameID in the App attributes for the third row.
      mapping.png

    9. Click FINISH.

    Testing your SSO

    1. Log in to the Google account you have granted access to.

    2. Select the Rivery button from the App selector:
      image.png

    3. You will be redirected to your Rivery account.

    Please Note:
    After setting up SSO, the default landing URL for your Rivery console will be https://console.rivery.io/home/[account_id]/default_env, indicating that all users have access permissions to the default Environment.

    Was this article helpful?
    What's Next