Below is a step-by-step guide for setting up Google SAML as the SSO provider for Flow Enterprise Server.
Important: These instructions apply only to Flow Enterprise Server.
- Begin the process to set up your own custom SAML application (external site, opens in new tab).
- Add an app, give the app a name, and upload an app icon if desired.
- Download the IDP metadata.
- In another tab, open Flow.
- From the top navigation, click Settings.
- In the left navigation, click SSO under User Management.
- Click Add SAML integration.
- Paste the downloaded metadata in the Metadata field.
- Fill in the Entity ID/Sign in URL field with the URL you will use to log in after you configure your integration. You can use your organization name or something else, but it must be unique. Copy this URL.
- Check Manage roles within GitPrime.
- If you have users who already signed in to Flow before you created this SSO integration, check Merge New Users on Email to ensure all users are logging in via SSO. Checking this box automatically deletes the previous logins and forces all existing users to log in via your SSO platform.
- In the Full name field, enter FirstName LastName. This field is case sensitive and the inputs must be entered exactly.
- In the Email field, enter Email. This field is case sensitive and the input must be entered exactly.
- Click Save to complete your configuration in Flow.
- Go back to Google. In the Service Provider Details window, fill out the following fields:
  - ACS URL: Paste the Entity ID/Sign in URL from Flow.
  - Entity ID: Paste the Entity ID/Sign in URL from Flow.
- Under Attribute mapping, create three new attributes. These fields are case sensitive and must be entered exactly as listed.
  - For the first attribute, set the attribute to FirstName. Set the category to Basic information. Set the user field to First Name.
  - For the second attribute, set the attribute to LastName. Set the category to Basic information. Set the user field to Last Name.
  - For the third attribute, set the attribute to Email. Set the category to Basic information. Set the user field to Primary Email.
- Click Finish.
- Turn on your SAML app by selecting On for everyone. Click Save.
Troubleshooting
If users are unable to log in to Flow using your Sign in URL, clear the cached files in your browser or try logging out of your Google account, then logging back in.
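Because the attribute names in the mapping steps are case sensitive, it can also help to confirm what the identity provider actually sends. The Python check below is an added example, not part of the original guide or of Flow: it decodes a base64 SAMLResponse (as posted to the ACS URL) and compares its attribute names against FirstName, LastName and Email. The function names and the sample response are constructed for illustration, and the script reads attribute names only; it does not verify the signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EXPECTED = ("FirstName", "LastName", "Email")  # names from the mapping steps

def sent_attributes(saml_response_b64):
    """Decode a base64 SAMLResponse and return {attribute name: [values]}."""
    xml_bytes = base64.b64decode(saml_response_b64)
    # SAML messages have no need for a DTD; refuse one rather than expand entities.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD in SAML response; refusing to parse")
    root = ET.fromstring(xml_bytes)
    found = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        name = attr.get("Name")
        if name:
            found[name] = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
    return found

def check_mapping(found):
    """Report 'ok', 'empty value', 'case mismatch: <sent>' or 'missing' per name."""
    by_lower = {name.lower(): name for name in found}
    report = {}
    for want in EXPECTED:
        if want in found:
            report[want] = "ok" if any(v.strip() for v in found[want]) else "empty value"
        elif want.lower() in by_lower:
            report[want] = "case mismatch: " + by_lower[want.lower()]
        else:
            report[want] = "missing"
    return report

# Constructed sample response (not captured from Google or Flow); unsigned on purpose.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion><saml:AttributeStatement>
    <saml:Attribute Name="FirstName"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="lastName"><saml:AttributeValue>Lovelace</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="Email"><saml:AttributeValue></saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement></saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

if __name__ == "__main__":
    for name, status in check_mapping(sent_attributes(SAMPLE_B64)).items():
        print(f"{name}: {status}")
```

A captured SAMLResponse contains user data, so run the check locally rather than pasting the value into an online decoder.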