This guide assumes you have completed the prerequisite steps (e.g., generating self-signed X.509 certificates) outlined here.
Firezone supports Single Sign-On (SSO) using Google through the generic SAML 2.0 connector. This guide will walk you through how to configure the integration.
Create a SAML connector
In the Google Workspace admin portal, create a new SAML app under the Application > Web and mobile apps tab. Use the following config values during setup:
|App icon||save link as|
|ACS URL||This is your Firezone |
|Entity ID||This should be the same as your Firezone |
|Name ID format||Unspecified|
|Name ID||Basic Information > Primary email|
Once complete, save the changes and download the SAML metadata document. You'll need to copy-paste the contents of this document into the Firezone portal in the next step.
Add SAML identity provider to Firezone
In the Firezone portal, add a SAML identity provider under the Security tab by filling out the following information:
|Config ID||Firezone uses this value to construct endpoints required in the SAML authentication flow (e.g., receiving assertions, login requests).|
|Label||Appears on the sign-in button for authentication.|
|Metadata||see note||Paste the contents of the SAML metadata document you downloaded in the previous step from Google.|
|Require signed assertions||Checked.|
|Require signed envelopes||Unchecked.|
After saving the SAML config, you should see a Sign in with Google button on your Firezone portal sign-in page.