Google

Configure Single Sign-On between Sublime and Google

SAML Configuration

Below are the steps for setting up SAML with Google Workspace.

Obtain Your Sublime Single Sign-on URL

  1. Sign in to your Sublime instance. Navigate to Admin > Account
  2. Scroll down and under the Authentication section, click the pencil icon next to SAML
  3. Copy/take note of the Single Sign-on URL. You'll use this URL in the next section when configuring SAML for your Google Workspace application.

Google Workspace Configuration

  1. Sign in to your organization's Google Workspace Admin Console
  2. On the left-side navigation bar, navigate to Apps > Web and mobile apps
  3. Click the Add App dropdown, and select Add custom SAML app
  4. Provide an App name, such as "Sublime Platform"
  5. Optionally add a logo. You can download the Sublime logo here.
  6. Click Next
  7. Download IdP metadata to be uploaded in the Sublime Dashboard in the next section
  8. Click Continue
  9. For ACS URL, paste the Single Sign-on URL you copied from the Sublime dashboard
  10. For Entity ID, paste the Single Sign-on URL you copied from the Sublime dashboard
  11. For Start URL, paste the Single Sign-on URL you copied from the Sublime dashboard
  12. For Name ID format, select EMAIL
  13. For Name ID, utilize the default selection of Basic Information > Primary Email
  14. Click Continue
  15. Leave the Attribute Mapping configuration blank and click Continue

Add SAML Settings to Sublime

  1. In Sublime, navigate to Admin > Account
  2. Under Authentication, click the button next to SAML
  3. Select Metadata XML Upload and upload the Google IdP Metadata XML you downloaded in the section above
  4. Click Save

Test SAML Configuration

  1. Ensure the user(s) you plan to test with are present in both the Sublime Console and the User Access settings of the application in Google Workspace, adding them if needed.
  2. From the Sublime SAML app configuration page, click Test SAML Login
    1. If successful, you can now change the Sublime Allowed methods config to disable username/password login.
    2. If unsuccessful, please double check all fields with URL values across both platforms and contact us if you're still running into any issues 👋

OIDC Configuration

Below are the steps for obtaining OIDC settings via Google. In order to use Google's OpenID Connect feature, you'll need to create a Google Cloud Platform Project with an OAuth app restricted to your organization, then create a Client ID/Secret pair to use to set up OIDC in Sublime.

Obtain Your Sublime Redirect URI

  1. Sign in to your Sublime instance. Navigate to Admin > Account
  2. Scroll down and under the Authentication section, click the pencil icon next to Open ID Connect
  3. Copy/take note of the Redirect URI. You'll use this URL in the next section when configuring OIDC for your Google Workspace application.

Google Cloud Configuration

  1. Sign in to your organization's Google Cloud Platform (GCP) Console.

  2. Create a new Project, and assign it a name. We recommend something along the lines of "Sublime Platform".

  3. On the left-side navigation bar, navigate to APIs & Services > OAuth consent screen

  4. Complete the guided Project Configuration as follows:

    1. App Information - Input a name for the application (e.g. "Sublime Platform") and select a designated administrator as the support email address.
    2. Audience - Select Internal
    3. Contact Information - Input a designated contact from your organization (this can be the same contact specified in the step above)
    4. Check the Google API agreement box and click Create

    Google OAuth configuration example (Step 4.ii referenced)

  5. In the OAuth project you just created, navigate to Clients via the left-side Navigation Bar

  6. Click Create Client

  7. From the Application Type dropdown, select Web Application

  8. Once again, enter an application name

  9. Under Authorized redirect URIs, click +Add URI

  10. Enter the Redirect URI you copied from the section above

  11. From the presented modal, copy both the Client ID and Client secret values. You'll use these values in the next section.

Add OIDC Settings to Sublime

  1. Log into the Sublime Platform
  2. Navigate to Admin > Account
  3. Under Authentication, click the button next to Open ID Connect
  4. Enter your OIDC issuer URL, client ID, and client secret
    1. The Issuer URL when configuring OIDC with Google is https://accounts.google.com
    2. Your Client ID is the Client ID noted in the previous section
    3. Your Client Secret is the Client secret noted in the previous section
  5. Click the Save button

Test OIDC Configuration

You should now be able to sign into Sublime with Google. You can verify the integration is working by either selecting the Sublime Platform application in Google, or by loading the Initiate login URL from your OIDC settings in Sublime.

Matching User Required

For a user to successfully sign into Sublime with Google, there must already be a matching user with the same email address in Sublime.