Google SAML Setup
Contents
Google SAML Setup#
This page provides instructions on how to integrate Squirro with Google’s Single Sign-on offering.
Configure Google Apps#
Open the Google Admin console.
Click Apps.
Click SAML apps.
Create a new SAML app using the plus button at the bottom right.
Download the IDP metadata file - this is required for Squirro later
Fill out the basic information:
Fill in the service provider details:
No mapping need to be defined.
Finish the process and close the resulting dialog.
Now enable the Squirro app for everybody, by clicking on the hamburger menu and clicking ON for everyone
Configure SAML Metadata#
To configure SAML Single Sign-On with the federation metadata file, go to the Server space in Squirro and in the navigation on the left select Single Sign-On (SAML).
Press the orange plus icon on the top right. Fill out the form:
Domain:
*
Enabled: Check
Metadata file: upload the
GoogleIDPMetadata-squirro.com.xml
file that was downloaded from Google earlierUser group: Select a user group which should be assigned to all SSO users
Enable SSO#
For security reasons, the final configuration needs to be done directly on the server. Log into the server using SSH or similar means and edit the file /etc/squirro/frontend.ini
. Then append the following lines at the end:
[security]
sso_enabled = true
sso_endpoint = http://localhost:81/studio/extauth_saml/extauth
Reduce HTTP Session#
By default Squirro will keep user sessions for 30 days, surviving browser restarts as well. In a Single Sign-On environment, this should be changed to the session expiring once the user restarts the browser. This can be achieved by changing /etc/squirro/frontend.ini
and adding the following lines:
[frontend]
session_permanent = false
Restart the frontend service to make these config file changes active:
service sqfrontendd restart