Important notice: Our mobile app does not support login with this feature. Google stopped supporting embedded webviews for SSO and now requires an actual browser (e.g. Safari itself, or the official in-app Safari web browser), which is why our webview request is blocked. See https://developers.googleblog.com/2016/08/modernizing-oauth-interactions-in-native-apps.html for more information.
Web Browser SSO
To set up SSO with Google or G-Suite, follow the steps outlined in this support page https://support.google.com/a/answer/6087519?hl=en. (Note: you will require Google administrator permissions to do this.)
More information regarding each step is given below.
Setting up a custom SAML application
From the Admin console dashboard, navigate to Apps > SAML Apps.
To add Beekeeper as a new custom app, click the plus (+) icon in the bottom corner and select ‘Set up my own custom app’.
Google IdP information
Download the IdP metadata provided under Option 2 of the IdP information step. This metadata will be used later to configure SSO for your Beekeeper app in the admin dashboard.
Basic information for your custom app
This information determines how the application appears to your users. You can determine the app name and description, as well as provide a logo.
You can use the Beekeeper logo, or provide your own.
Service provider details
Use the following configuration for the Service Provider details:
- ACS URL: https://your_company.beekeeper.io/saml/sso
- Entity ID: https://your_company.beekeeper.io/saml/sso/metadata.xml
- Start URL: https://your_company.beekeeper.io
- Signed Response: unchecked
- Name ID*: Basic Information, Primary Email
- Name ID Format: PERSISTENT
*The Name ID field is used to match users between Beekeeper and Google. It is mapped to the user’s tenant user ID (the ‘User-Id’ field in the admin dashboard).
You can map fields from a user’s Google profile into their Beekeeper profile by providing a list of attribute mappings.
These fields may include:
- name (attribute mapping for username)
*Note: Each field needs a corresponding Profile Field in the Beekeeper Dashboard.
Activating the Beekeeper SAML app
When you create a custom SAML app through the Google Admin console, it is turned off by default. To ensure that Beekeeper is visible to users when logged in to their Google Apps account, activate the app as follows:
- In the Admin console, navigate to Apps > SAML Apps
- Select the Beekeeper SAML app
- Click the More (︙) menu and select ‘ON for everyone’
Configuring Beekeeper with the IdP metadata
Once you have created and activated a custom SAML app for Beekeeper in the Google Admin console, add your Google IdP metadata to Beekeeper through the admin dashboard, in the appropriate field under Settings > General > Single Sign-On.