Configure SAML with Google

Last modified: Wednesday June 09, 2021.

Configure Google as your SAML IdP for Alta Video.

Task — Create custom Google attributes

  1. Log in to the Google Admin Console.
  2. Open Directory > Users.
  3. Select More > Manage custom attributes.
  4. Click ADD CUSTOM ATTRIBUTE.
  5. In Category, type Alta Aware Cloud or similar.
  6. Optionally, add a description.
  7. In Name, type role.
  8. Set the following fields to the specified values:
    • Info type = Text
    • Visibility = Visible to user and admin
    • No. of values = Single Value
  9. Click ADD.
    The Custom attribute is added.
  10. After you have added the custom attribute for role, you must map it, for each user being given access to Alta Video Cloud, to the role that you have set up in your Alta Video Cloud deployment. Do this in the Google Admin Console under Users > <user> > User information.

Task — Configure Google IdP

  1. Log in to the Google Admin Console.
  2. Click Apps.
  3. Click Web and mobile apps.
  4. On the menu bar, click Add App > Add custom SAML app.
  5. In the App name field, type Alta Video.
  6. Click Continue.
  7. Click Download metadata.
    An XML file downloads to your computer. You need this file to complete the Configure Alta Video to enable SAML single sign-on task.
  8. Click Continue.
  9. In the Service provider details dialog box, do the following:
    1. In the ACS URL field, paste the ACS URL you obtained from Alta Video Cloud.
    2. In the Entity ID field, paste the Entity ID you obtained from Alta Video Cloud.
    3. Select the Signed response checkbox.
    4. Click Continue.
  10. In the Attributes dialog box, create and configure your attributes:
    1. To configure the Primary email attributes:
      1. Click ADD MAPPING.
      2. In the Google directory attributes menu, select Basic Information > Primary email.
      3. In the corresponding App attributes field, type AvaAwareEmail.
      4. Click ADD MAPPING.
      5. In the Google directory attributes menu, again select Basic Information > Primary email.
      6. In the corresponding App attributes field, type AvaAwareUsername.

        AvaAwareUsername is used in Alta Video Cloud; it can be the user's email address or any other suitable unique identifier.

    2. To configure the role attribute:
      1. Click ADD MAPPING.
      2. In the Google directory attributes menu, select Basic Information > Alta Video Cloud > role.
      3. In the corresponding App attributes field, type AvaAwareUserGroup.
  11. Click Finish.
  12. In the SAML application summary, expand the User access section, and change the service status to ON for everyone to enable the application for all users, or select specific groups or organizational units for fine-grained control.
  13. Return to the task in Configure Alta Video to enable SAML single sign-on.
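
A way to check a test login against the settings above, as an added example that is not part of the Alta Video or Google documentation: this Python script takes the base64 SAMLResponse form value posted to the ACS URL and reports whether the response carries a signature and whether the three mapped attributes arrived. The sample response, the address user@example.com and the role name operator are constructed for illustration, and the code assumes a user with no role value set receives no AvaAwareUserGroup attribute.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# App attribute names typed in the Attributes dialog box (step 10).
REQUIRED = ("AvaAwareEmail", "AvaAwareUsername", "AvaAwareUserGroup")


def check_response(b64_response):
    """Return a list of problems in a base64-encoded SAMLResponse form value."""
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    # With "Signed response" selected, ds:Signature is a direct child of the
    # Response element. Presence check only: the signature is not verified here.
    if root.find("ds:Signature", NS) is None:
        problems.append("response is not signed")
    values = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values[attr.get("Name")] = [(v.text or "").strip()
                                    for v in attr.findall("saml:AttributeValue", NS)]
    for name in REQUIRED:
        present = [v for v in values.get(name, []) if v]
        if not present:
            problems.append(f"{name} is missing or empty")
        elif name == "AvaAwareUserGroup" and len(present) != 1:
            # The custom attribute was created with "No. of values = Single Value".
            problems.append("AvaAwareUserGroup must carry a single value")
    return problems


def constructed_sample(signed=True, role="operator"):
    """Build a constructed response (not captured traffic); 'operator' is made up."""
    def attr(name, value):
        return (f'<saml:Attribute Name="{name}"><saml:AttributeValue>{value}'
                "</saml:AttributeValue></saml:Attribute>")
    body = attr("AvaAwareEmail", "user@example.com") + attr("AvaAwareUsername", "user@example.com")
    if role:  # assumption: a user with no role value set gets no role attribute
        body += attr("AvaAwareUserGroup", role)
    sig = '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>' if signed else ""
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">' + sig +
           "<saml:Assertion><saml:AttributeStatement>" + body +
           "</saml:AttributeStatement></saml:Assertion></samlp:Response>")
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    print(check_response(constructed_sample()))         # fully configured user
    print(check_response(constructed_sample(role="")))  # role not set for the user
```

An empty list means the response matches the configuration in both tasks; a missing AvaAwareUserGroup usually points back to step 10 of the custom attribute task for that user.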