CodeSignal supports SSO support for Google G Suite through SAML. This enables users to utilize Google as the identity provider in granting access to the CodeSignal platform.
Prerequisites
- You must be a CodeSignal admin for your company
- You must be a Google administrator, or have appropriate roles granted to allow these Admin changes.
In addition, please utilize the support article from Google as a reference: Set up your own custom SAML application.
Steps to Enable Single Sign-On (SSO) for G Suite:
To start, please contact support@codesignal.com
1. Sign in to https://admin.google.com with your G Suite account.
2. From the menu, navigate to Apps > SAML Apps.
3. Click on the plus (‘+’) icon on the lower right corner of the page to “Enable SSO for a SAML Application”.
4. In Step 1, choose the SETUP MY OWN CUSTOM APP at the bottom of the dialog.
5. In Step 2, please capture the SSO URL, Entity ID, and download the Certificate to be used later to configure in CodeSignal. Then, click NEXT.
6. In Step 3, type CodeSignal in the Application Name field, and optionally, provide the description and logo that will be displayed to all users who have access to the app. You may use this logo from CodeSignal. Then, click NEXT.
7. In Step 4, please provide the following information. Then, click NEXT.
| ACS URL | https://identity.codesignal.com/auth/sso/saml/authenticate |
| Entity ID | https://app.codesignal.com |
| Start URL | https://app.codesignal.com |
| Signed Response | Disable |
| Name ID | Basic Information - Primary Email |
| Name ID Format |
8. In this step, you may choose to configure additional attribute mappings in order to support Just in Time provisioning (highly recommended). Just in Time (JIT) provisioning will create a CodeSignal user automatically when they try to log in for the first time. Please refer to the CodeSignal Knowledge Base article on JIT provisioning for more information. Then, click FINISH.
9. Log in to your company's CodeSignal account. You will need to be a CodeSignal admin to complete this step.
10. Click ORGANIZATION SETTINGS in the drop-down menu in the top right of your screen.
11. In the SSO tab, check to make sure Enable single sign-on (SSO) is toggled on.
12. Provide information for the following fields:
- Identity Provider SSO Login URL (needs to be IdP-initiated instead of SP-initiated). This typically appears as follows:
"https://accounts.google.com/o/saml2/initsso?idpid=[idpid]&spid=[spid]&forceauthn=false"
To find the SPID from your Google Admin:
Go to your GSuite console (where you are configuring the SAML) and find the "Test SAML Login" URL. It can be difficult to capture that URL, but you can click on it and press the Esc key immediately to stop it from redirecting it forward. Another option: when you are editing the SAML in GSuite, the link should also include your SPID; for example: https://admin.google.com/ac/apps/saml/[spid]
- Identity Provider Issuer, which typically appears as follows:
"https://accounts.google.com/o/saml2?idpid=[idpid]"
- The X.509 Certificate generated
13. Once complete, please contact support@codesignal.com to confirm the following for us:
- What is the owned email domain with which you would like us to associate this?
- Would you like us to enable JIT for your organization?
14. Note: Upon updating the configuration, it can take up to 24 hours for the change to propagate across the associated Google services.