How do I configure Artifactory SAML SSO with Google?

How do I configure Artifactory SAML SSO with Google?

 

On Google

  1. Sign in to the Google Admin console.

  2. Click Apps > SAML apps

  3. Select the Add a service/App to your domain link or click the plus (+) icon in the bottom corner.

  4. Click Setup my own custom SAML App.
    Screen Shot 2016-05-19 at 1.53.25 PM.png

  5. Google IDP Information window will open with the SSU URL and the Entity ID URL fields automatically populated:
    Screen Shot 2016-05-19 at 1.54.34 PM.png

  6. We will use Option 1 on the is Window for the Artifactory SAML setup.


On Artifactory

  1. Log in as a user with an administrator privilege to Artifactory.

  2. Click on the “Admin” tab.

  3. Configure Custom URL Base of your Artifactory.

  4. Click on “Security” (in the left menu)

  5. Click on “SAML Integration” (in the left menu).

  6. Enable the SAML Integration.

  1. Provide the following parameters:

  • SAML Login URL – Paste the content of the SSU URL field from the from the Google IDP Information window

  • SAML Logout URL – Paste the content of the SSU URL field from the from the Google IDP Information window.

  • SAML Service Provider Name – The value of Custom URL Base which was configured on step #3.

  • SAML Certificate – Paste the content of the certificate that you packed from the  Google IDP Information window. 

 8. Configure options related to processing users accounts by Artifactory and save the configuration.

On Google

NOTE: SAML Service Provider Name = Custom URL Base

  1. Click next to Step 3, name the Application (such as ‘Artifactory’) and add a description. Optional is to upload a PNG or GIF file to serve as an icon.

  2. Click next to Step 4. You will get the following Service Provider Details window:

 

  • ACS URL –  The value of <Custom URL>/webapp/saml/loginResponse

  • SAML Service Provider Name – The value of Custom URL Base

  • Start URL- The value of <Custom URL>/webapp

3. Leave Signed Response unchecked.

The server name is ‘https://test.jfrog.io/test/’ (which is also the custom base url).

Here is the matching setup.

4. Click Next and Finish.

5. Select your new SAML app.

At the top of the gray box, click Settings and choose: Screen Shot 2016-05-19 at 2.59.52 PM.png

On for everyone – to turn on the service for all users (click again to confirm).

Off – to turn off the service for all users (click again to confirm).

On for some organizations – to change the setting only for some users.

6. You are set . Ensure that your user account email IDs match those in your Google Apps domain when trying to login to Artifactory.