Skip to content

Configure SAML SSO with Google for your organization

Permissions

  • Super administrator permissions are required to set up SSO in Google Workspace admin.
  • Administrative permissions are needed to configure SSO in the Lightrun Management Portal.

Lightrun offers support for Single Sign-On (SSO) using Google as the identity provider (IdP) by integrating Lightrun with the SAML 2.0 integration in Google Workspace admin. Using SAML, Lightrun functions as a service provider, receiving user authentication information from Google, which serves as the external identity provider. When SSO is enabled, Lightrun is no longer responsible for user authentication, but still manages the redirection of login requests to the identity provider and verifies the integrity of the response from the identity provider.

The process of setting up SSO involves these main stages:

  • Setting up the Lightrun SAML integration in Google Workspace admin.
  • Configuring and enabling SSO in the Lightrun Management Portal.

Set up Lightrun SAML integration in Google

Setting up the Lightrun integration in Google includes these main steps.

Step 1: Copy Redirect URL in the Lightrun Management Portal

  1. Log in to your Lightrun account.
  2. In the Identity and Access Management > Identity Configuration > Identity Methods.
  3. To enable SSO, click the SSO toggle.

    SAML Applications --half

  4. Select SAML as your SSO protocol.

  5. Select Other as your Identity provider.
  6. From the Service Provider's Redirect URL field, click Copy.

    This field will serve as the redirect URL used when configuring the identity provider.

  7. From the Service Provider's Entity ID field, click Copy.

    This field will serve as the unique identification of the SAML Service provider.

Step 2: Set up the Lightrun application in Google

Follow the Add app wizard to set up the Lightrun SAML app in Google.

  1. Sign in to Google Workspace admin as a super administrator.
  2. Click Add App > Add custom SAML app.

    custom SAML App --half

  3. Enter the app name for example , and optionally, upload an icon for your app. The app icon is visible in the Web and mobile apps list, within the app settings page, and in the app launcher. If no icon is provided, one will be automatically generated using the first two letters of the app's name.

  4. Click CONTINUE.

    The Step 2: Google Identity Provider details window opens.

    Google identity provider details --half

  5. Copy the URL in the SSO URL field to be pasted in the Lightrun Management Portal.

  6. Click Continue.

    The Step 3: Service Provider details window opens.

    Google service provider details --half

  7. Paste the ACS URL value you copied from the Lightrun SSO section for Identity Provider’s SSO URL field.

  8. Paste the Entity ID value you copied from the Lightrun SSO section for Service Provider’s Entity ID field.
  9. Set Name ID to EMAIL.
  10. Ensure the following values are left empty without any changes.

    Google attributes --half

  11. Click Complete.

    The <Lightrun-app> is created.

  12. Click TEST SAML LOGIN to verify that connection is working.

    Test integration --half

  13. Click User access to validate that the relevant user groups in your Google account can access the <Lightrun app>.

  14. Ensure that Service status is set to Off for everyone.

    Service Status off --half

  15. Click Save.

Step 3: Configure and enable SSO in Lightrun

Setting up the SSO in the Lightrun Management Portal includes these main steps.

  1. Log in to your Lightrun account.
  2. Click Settings on the top right-hand side of your screen to navigate to Identity and Access Management > Identity Configuration > Login methods > SSO section.

    !Lightrun sso --half

  3. To enable SSO, click the SSO toggle.

  4. Select SAML as your SSO Protocol.
  5. Select Other as your Identity Provider.
  6. In the Identity Provider's SSO URL field, paste the SSO URL you copied from the Google Step 2: Identity Provider’s details window, which is used to send authentication requests (SAMLAuthnRequest).
  7. Click Save.

Sign in to Lightrun with SSO

  1. Navigate to the Lightrun Management Portal login page.
  2. Click Single Sign-On.

    You will be redirected to insert your Google account email, and from there to authenticate successfully using Google.

Further reading


Last update: September 29, 2024