This guide provides step-by-step instructions on setting up Bitrise as a SAML application on Google G Suite.
Getting configuration information from Google ⚓
- Sign into your Google Admin Console.
- Select Apps.
-
In the APPS SETTINGS page, click SAML apps.
You will see a list of the apps with their statuses (either turned on or off). On this page you can add or remove a service and enable/disable it.
- Click the + mark in the yellow circle on the bottom right corner of the screen to add Bitrise as a SAML application to the list.
- In the Enable SSO for SAML Application window, click SETUP MY OWN CUSTOM APP.
-
In the Google IdP Information window, copy the SSO URL and click DOWNLOAD.
You will need the SSO URL and the content of the downloaded certificate on the Single Sign On tab of your Bitrise Organization. Then click Next on the bottom right corner.
Now that we have the config information, we will leave Google Admin Console for a minute and fill out the required SAML SSO fields on Bitrise.
Configuring SAML SSO on Bitrise ⚓
- Go back to Bitrise.
- Click Account Settings.
- Click the Organization you want to add SAML SSO.
- Click the Organization’s Single Sign On button on the left.
-
Paste the SSO URL to the Identity provider sign-on URL field. (Remember, you’ve copied this URL from the Google IdP Information window in your Google Admin Console).
Paste the content of the downloaded certificate to the Certificate field.
-
Click the Copy Link button under Single Sign-On URL or copy the URL manually.
You will need this in a minute in your Google Admin Console.
- Click Configure SSO. Now let’s head back to your Goodgle Admin Console.
Finishing setting up Bitrise as a SAML app on Google ⚓
- In your Google Admin Console you should see the Basic information for your Custom App window.
-
Add a name to the Application Name field. (It can be any name.)
- Click Next.
- In the Service Provider Details window, do the following:
- Paste the copied Single Sign-On URL from Bitrise’s Single Sign On (Step 6 above) tab to the ASC URL field.
- Type Bitrise to the Entity ID field. This time it must be Bitrise!
- Tick the Signed Response box.
- Click Next to proceed to the Attribute Mapping window.
-
Click FINISH.
If all went well, this is what you should see:
Enabling Bitrise as a SAML app on Google ⚓
-
Click EDIT SERVICE.
- On the Service Status page, select your Organization unit on the left.
-
Click ON to enable Bitrise’s service status.
- Make sure you’re logged into Bitrise in the usual way. Use the same browser window to continue.
-
Bitrise sends a verification e-mail to all Organization members. This email contains a Sign In via SSO button and a URL. Organization members are prompted to sign in to Bitrise by clicking the Sign In via SSO button or using the provided URL.
The email also shows the Organization owner’s email address (should you need to contact them.) Click the Sign In via SSO button or copy-paste the URL to a NEW TAB of the same browser.
Below error message only appears if you’ve been trying to access the Authorization page in a Safari browser.
Error: The CORS policy for this site does not allow access from the specified Origin....As a workaround, we suggest you to copy the URL and paste it in a new tab. It will work! For all other browser types, you should be safely landing to the Authorization page.
-
On the Allow “Organization name” to sign you in window, click Authorize if you trust the Organization.
You should be landing on your Organization’s Bitrise Dashboard. You can check on the Groups tab who has been added to the org as a SAML user.
Congrats! You have successfully enabled the SAML connection! Since SAML SSO has not been enforced on your org yet, you can log in via SAML SSO or with your Bitrise credentials.
If you click Account settings and select the Single Sign-On tab from the left menu, you should see SAML SSO is enabled for your Organization. Once all Organization members have enabled their SAML SSO connection, you can enforce SAML SSO on the whole organization with a simple toggle.
