In this tutorial, you'll learn how to set up SSO in Orchidea with Google as your identity provider (Custom Saml App)
📌This feature is available on Orchidea Professional and Enterprise plans
Follow these steps to add custom SAML app (SSO) in the Google workspace admin portal.
- Click Web and mobile apps on the left side navigation in Google Admin. Then, from the Add app menu select Add custom SAML app.
- Fill in App name, Description and click Continue.
- Download the metadata and click Continue
- 1. Add "https://app.orchidea.dev/api/saml/login/" to ACS URL as place holder address. This will be changed later. 2. Add "https://orchidea.dev" to Entity ID. 3. Select "Signed response" check box. 4. Choose EMAIL as Name ID format and click Continue
- Click Add mapping button three times to add needed attribute mappings. Select following Google directory attributes and write following texts to App attributes inputs:
Primary email -> Email, First name -> First name, Last name -> Last name
Click Finish - Navigate to Workspace settings by clicking the sprocket icon in the right top corner of Orchidea.
- Click Authentication on the left-side navigation. Then, click + Add new IDP.
- Add all needed information:
IDP name: E.g. Google.
Click Select file and choose the metadata file which you downloaded earlier from Google.
Write following attribute names exactly like this:
First name -> First name, Last name -> Last name, Email -> Email, User id -> Email
Notice! (4)
To ensure that new user accounts are automatically associated with this IDP upon their first login to Orchidea, enter the relevant email domains in the Automatic User Creation section. This will allow all users with matching email domains to be automatically linked to this IDP and required to use it for authentication.
Click Submit to create new IDP - Click Copy reply URL button from IDP you just created to copy the address to clipboard
- Go back to Google Admin panel and click down arrow from Service provider details -view
Modify the ACS URL by pasting new value from clipboard. You copied this value in step 9. Click Save. - Final step is to change User access, click the down arrow from User access -view
And modify acces. Click Save - To test the integration, you can (1) bind the IDP to chosen user by selecting the IDP for the user in User management list view. If you are testing this by your self, It's recommended to also switch the Manual sign in (2). This will ensure that you will not loose access to your workspace if the integration will not work for some reason.
Sign out from Orchidea and sign back in using IDP option during the login process.