Setting up Google SSO for Bitrise

Last updated at 2021-01-05

This guide provides step-by-step instructions on setting up Bitrise as a SAML application on G Suite.

SAML SSO with Org Elite and Velocity plans

Please note that SAML SSO is only available for an Org with the Org Elite and Velocity plans. If you try to set up SAML SSO to an Org that has an Org Standard subscription, the Single Sign-On tab will appear on the left menu bar in your Account Settings but you won’t be able to use it. Click Upgrade to Org Elite in the pop-up window to use SAML SSO in your Org.

Since the SAML SSO feature is tied to the Org Elite and Velocity plans, if you decide to downgrade, you will lose this feature. All Org members will receive an email about the downgrade and you’ll have two weeks to re-upgrade to the Org Elite plan if you wish to use SAML SSO in your Org again.

Before you start

Before connecting SAML SSO to your Organization, make sure:

If you are an Org owner on Bitrise, you will have to use the Single Sign-On tab to set up a SAML SSO connection between your SAML SSO provider and your Bitrise Org.

  1. On your Bitrise Dashboard click your avatar, then click Account settings in the dropdown.
  2. The Overview page displays all the Orgs you’re a member of. Select the Org where you wish to set up the SAML SSO connection.
  3. On the left menu bar, click the Single Sign-On which will take you to the Enable Single Sign-On page.
  4. Continue with Getting configuration information from Google.

Getting configuration information from G Suite and Bitrise

  1. Sign into your Google Admin Console.
  2. Select Apps on the Admin Console page.
  3. On the Apps page, click SAML apps.
  4. On the Web and mobile apps page, click the Add apps button, and select the Add custom SAML app option from the dropdown.
  5. On the App details page add Bitrise as your app name. Please note it must be Bitrise as no other format is accepted. Click Continue.
  6. On the Getting Identity Provider details page:
    • Copy the SSO URL and paste it on the SAML SSO provider Single Sing-On URL (SSO URL) on Bitrise.
    • Copy the whole content of the Certificate field and paste it in the SAML SSO provider certificate field of Bitrise. You can upload the Certificate from your local computer too.
  7. While you are in Bitrise, click the Copy Link button to copy the Assertion Consumer Service URL (ACS URL). We will need it on G Suite in a second. Let’s NOT click the Configure SSO button just now!
  8. Let’s head back to the Getting Identity Provider details page of G Suite. Click Continue.
  9. On the Service provider details page:
    • Paste the Assertion Consumer Service URL (ACS URL) of Bitrise in the ACS URL field on G Suite. (Remember, we got the link at Step 7.)
    • Type Bitrise in the Entity ID field. Please note it must be Bitrise as no other format is accepted.
    • Tick the Signed response checkbox under START URL (optional).
    • Click CONTINUE.
  10. Click the Configure SSO button on Bitrise.
  11. On G Suite’s Attribute mapping page, click Finish - you do not have to configure anything here.

Enabling Bitrise app for a group or an organizational unit

All there is left to do on G Suite is to enable the newly created Bitrise app for a group or organization of your choice.

  1. Go to the Web and mobile apps page on G Suite and select Bitrise from the Apps list.
  2. Click User access to get to the Service status page.
  3. Select ON for everyone and hit Save.

What’s next?

Learn how you can log into your Org now that SAML SSO is set up.

You might wan to check out Org member’s SAML SSO statuses once the connection is up.

You might want to enforce SAML SSO login to the Org once all Org members have authorized their SAML SSO connection to the Org.

Disabling SAML SSO is very simple - learn how.