Google SAML

In Infisical, head to your Organization Settings > Authentication > SAML SSO Configuration and select Set up SAML SSO.

Next, note the ACS URL and SP Entity ID to use when configuring the Google SAML application.

2.1. In your Google Admin console, head to Menu > Apps > Web and mobile apps and create a custom SAML app.

2.2. In the App details tab, give the application a unique name like Infisical.

2.3. In the Google Identity Provider details tab, copy the SSO URL, Entity ID and Certificate.

2.4. Back in Infisical, set SSO URL, IdP Entity ID, and Certificate to the corresponding items from step 2.3.

2.5. Back in the Google Admin console, in the Service provider details tab, set the ACS URL and Entity ID to the corresponding items from step 1.

Also, check the Signed response checkbox.

2.6. In the Attribute mapping tab, configure the following map:

• First name -> firstName
• Last name -> lastName
• Primary email -> email

Click Finish.

Back in your Google Admin console, head to Menu > Apps > Web and mobile apps > your SAML app and press on User access.

To assign everyone in your organization to the application, click On for everyone or Off for everyone and then click Save.

You can also assign an organizational unit or set of users to an application; you can learn more about that here.

Enabling SAML SSO allows members in your organization to log into Infisical via Google Workspace.

Enforcing SAML SSO ensures that members in your organization can only access Infisical by logging into the organization via Google.

To enforce SAML SSO, you’re required to test out the SAML connection by successfully authenticating at least one Google user with Infisical; Once you’ve completed this requirement, you can toggle the Enforce SAML SSO button to enforce SAML SSO.