Configure SSO SAML with Google

👉 Configure Didomi Console in Google admin

  1. Log in to your Google admin console.
  2. Go to Apps.
  3. Go to Web and mobile apps.
  4. Click Add App.
  5. Click Add custom SAML app.
  6. In app details, add App name (for example: "Didomi Console"). This will be the app where all your SSO SAML settings will be done for Didomi Console.
  7. Click on Continue.
  8. Under Google identity provider details, collect the following data and keep them for later:
     SSO URL: This will be pasted in the Didomi console field Login URL.
     X.509: Copy the certificate.
  9. Click on Continue.
  10. Under Google’s Service provider details, you need to enter your SSO identifiers collected from Didomi Console:
     ACS URL: Login URL value
     Entity ID: Configured issuer value
     Name ID:
     1. In Name ID format, select: EMAIL
     2. In Name ID, select: Basic information > Primary email

     You can find this information in the Marketplace section of the Didomi console.
     Go to the "Manage" tab and enter the "SSO" box.
     You will find your SSO SAML identifiers there.

  11. Under Attribute mapping, click Add another mapping to map additional attributes.
  12. Under Google Directory attributes, select: Primary Email.
  13. Under App attributes enter: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
  14. Click on Finish.

👉 Turn on Didomi Console SAML app

  1. Log in to your Google admin console.
  2. Go to Apps.
  3. Go to Web and mobile apps.
  4. Select the SAML app you have configured for Didomi.
  5. Click on User access.
  6. To turn on or off the SAML app for everyone in your organization, click On for everyone or Off for everyone.
  7. Click on Save.

Once turned on, the changes may take up to 24h to take effect on Google's side, as mentioned in this documentation.