Requirements
Your organization uses Google Workspace for authentication.
You have an Admin role.
Just-in-Time(JIT) Provision
With SAML integration, once a user is created on your end (optionally included in a group that has access to Kubit), that user can log in to Kubit immediately. The user profile information will also be automatically updated at every login time.
When a user is deleted/deactivated on your end, they will lose access to Kubit immediately too. There is no offline communication required.
β
Configure SAML app
Login into the Google Workspace admin console and navigate to the Web and mobile apps screen under the Apps tab.
Click on the Add app menu and select Add custom SAML app.
On the App details screen name user Kubit as the App name. Download the Kubit logo from the provided Logo URL and upload it as an App icon.
On the step screen(Google Identity Provider details) copy DOWNLOAD METADATA button. Share the metadata file with Kubit Team.
On the next step(Service provider details) use the provided ACS URL and Entity ID from Kubit.
On the next step(Attributes) map attributes as follows:
π Roles and Permissions
You can manage permissions on the Kubit platform using your IdP groups by mapping the groups attribute. This step is mandatory for utilizing groups for permission management within the Kubit platform.
Google Directory Attributes | App attributes |
Primary email | |
First name | given_name |
Last name | family_name |
First name | name |
Test
Once configured properly on both sides, please work with the Kubit Team to test the integration. You will be provided a test URL.
β
Open Access
You may choose to turn on Kubit App to everyone, or a specific group
IdP-Initiated Login
Due to security concerns, Kubit doesn't support IdP-Initiated SSO. The user has to go to the Kubit website first to initiate the login (SP-Initiated).
β
Clicking on the Kubit App logo on Google Workspace Dashboard would fail. We don't know a way to hide that logo.