This procedure describes how to configure JFrog Artifactory SAML SSO with Google.
Note
This procedure is for Artifactory versions that support multiple SAML SSO configurations. From Artifactory version 7.83.1, the ability to create multiple configurations for SAML SSO providers is gradually being rolled out to Cloud only. For more information about multiple SAML SSO configurations see SAML SSO.
Before creating multiple SAML configurations, JFrog recommends deleting the old configuration and reconfiguring it with a setting name other than Default. If you reconfigure your SAML configuration, you must also update the relevant information in the Identity Provider server.
To set up Azure to work with Artifactory versions that support single SAML SSO configuration, see https://jfrog.com/help/r/how-do-i-configure-artifactory-saml-sso-with-google/on-google.
For more information about Google setup, see https://support.google.com/a/answer/6087519?hl=en#zippy=%2Cstep-add-the-custom-saml-app.
To obtain setup information from Google:
Sign in to the Google Admin console.
Go to Menu > Apps > Web and mobile apps. Then select Apps > SAML App.
Select the Add a service/App to your domain link, or click the plus (+) icon in the bottom corner.
Click Setup My Own Custom App.
The Google IDP Information window will open with the SSO URL and the Entity ID URL fields automatically filled in.
Select Option 1 for the Artifactory SAML setup. Copy the SSO URL and Entity ID and download the Certificate.
To set up the JFrog Platform to work with Google, in a separate browser tab or window, you need to sign in to Artifactory and enter the information you copied:
Log into Artifactory with administrator privileges.
To set up your Artifactory custom base URL, see https://jfrog.com/help/r/artifactory-how-can-i-change-the-existing-base-url-of-artifactory/changing-the-custom-base-url.
In the Administration module, go to Authentication | SAML SSO.
To add a new provider configuration, click Add Settings.
Keep the following details in mind:
Artifactory | Copy from Google
SAML Login URL | SSO URL field from the Google IDP Information window
SAML Logout URL | https://accounts.google.com/logout
SAML Service Provider Name | Entity ID from the Google IDP Information window
SAML Certificate | Certificate from the Google IDP Information window
To enable the configuration, click Enable SAML Integration.
Configure options related to processing user accounts by Artifactory.
Click Save.
Continue to set up Google to work with SAML SSO:
Note
The SAML Service Provider Name is the Custom URL Base, which is https://test.jfrog.io/test.
Click Continue to reach Step 3.
In Step 3, name the application Artifactory and add a description. Optionally, upload an image file to serve as an icon.
Click Continue to reach Step 4.
Fill in the Service Provider Details window.
Fill in the following details.
Google | Details
ACS URL | The service provider's Assertion Consumer Service URL receives the SAML response. It should be in the format <CustomURL>/ui/api/v1/auth/saml/loginResponse/<saml_display_name>, for example https://test.jfrog.io/ui/api/v1/auth/saml/loginResponse/<saml_display_name>
Entity ID | The globally unique name. Use the Custom Base URL, for example https://test.jfrog.io/test/
Start URL | Leave empty. This sets the RelayState parameter in a SAML Request, which can be a URL to redirect to after authentication.
Signed Response | Leave empty. If this is unchecked (the default), only the assertion within the response is signed.
Click Continue and Finish.
To turn on your SAML App, in the Google Admin console, go to Menu > Apps > Web and mobile apps. Select the SAML app that you created.
Click Settings.
Click User access.
To turn a service on or off for everyone in your organization, click On for everyone or Off for everyone, and then click Save. Alternatively, you can change the settings only for some users.
To turn a service on or off for an organizational unit, do the following:
At the left, select the organizational unit.
To change the Service status, select On or Off.
Click Save.
Note
Ensure that your user account email IDs match those in your Google Apps domain when trying to log in to Artifactory.
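The following is an added example, not part of the JFrog or Google documentation: a Python check that a decoded SAML response lines up with the Service Provider Details entered above (Destination equals the ACS URL, Audience equals the Entity ID, and the signature sits on the assertion, as expected when Signed Response is left unchecked). The display name `google`, the sample XML and the exact string comparison are assumptions of this example; it inspects structure only and does not verify the signature cryptographically.

```python
import xml.etree.ElementTree as ET

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def acs_url(custom_url, saml_display_name):
    """Build the ACS URL in the format this page gives."""
    base = custom_url.rstrip("/")
    return f"{base}/ui/api/v1/auth/saml/loginResponse/{saml_display_name}"

def check_response(xml_text, expected_acs, expected_entity_id):
    """List mismatches between a decoded SAML response and the SP settings."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != expected_acs:
        problems.append(f"Destination {root.get('Destination')!r} is not the ACS URL")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no Assertion element"]
    # Exact string comparison (assumption): a trailing slash counts as a mismatch.
    audiences = [a.text.strip() for a in assertion.findall(".//saml:Audience", NS) if a.text]
    if expected_entity_id not in audiences:
        problems.append(f"Audience {audiences} does not contain the Entity ID")
    # With Signed Response unchecked, the signature is expected on the assertion.
    if assertion.find("ds:Signature", NS) is None:
        problems.append("Assertion carries no ds:Signature")
    return problems

# Constructed sample (signature body omitted); 'google' is a hypothetical display name.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    Destination="https://test.jfrog.io/ui/api/v1/auth/saml/loginResponse/google">
  <saml:Assertion>
    <ds:Signature/>
    <saml:Subject><saml:NameID>user@example.com</saml:NameID></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>https://test.jfrog.io/test</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    acs = acs_url("https://test.jfrog.io", "google")
    for entity_id in ("https://test.jfrog.io/test", "https://test.jfrog.io/test/"):
        print(entity_id, check_response(SAMPLE, acs, entity_id))
```

The second Entity ID in the loop differs from the sample's Audience only by a trailing slash and is reported as a mismatch, so enter the same string on both the Google and Artifactory sides.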