Google Workspace

Contact Sales to Enable This Feature

Google Workspace is a comprehensive suite of productivity and collaboration tools provided by Google. Zilliz Cloud allows you to configure single sign-on (SSO) with Google Workspace over the SAML protocol.

📘Notes

Though the SSO feature is in General Availability, please contact sales for access.

Before you start

• You must have the Admin role in the Google Admin console.

• You are the Organization Owner in the Zilliz Cloud organization where SSO is to be configured.

Step 1: Create SAML app in Google Admin console

1. Log in to the Google Admin console.

2. In the left-side navigation pane, choose Apps > Web and mobile apps. Then choose Add app > Add custom SAML app.

   

3. Provide a name and description for your custom SAML app. This information will be shared with the app users. Click CONTINUE.

   

4. On the page that appears, you will see details such as the SSO URL, Entity ID, and Certificate. Copy these details as you will need them in the next steps.

   

Step 2: Provide IdP metadata on Zilliz Cloud

1. Log in to the Zilliz Cloud console and go to the organization for which you want to configure SSO.

2. In the left-side navigation pane, click Settings.

3. On the Settings page, find the Single Sign-On (SSO) section and click Configure.

   

4. In the Configure Single Sign-On (SSO) dialog box, choose SAML 2.0.

   

5. In the dialog box that appears, replace the default IdP metadata with the values you copied from the Google Admin console:

   1. Single Sign-On URL: Paste the SSO URL from Google.

   2. Entity ID: Paste the Entity ID from Google.

   3. Certificate: Paste the Certificate from Google.

   Click Save once the fields are updated.

   

6. In the Verify Redirect URL to Complete SSO Configuration dialog box, copy the redirect URL provided by Zilliz Cloud.

   

Step 3: Verify redirect URL in Google Admin console

1. Go back to the window where you were configuring the custom SAML app in the Google Admin console.

2. In the Service provider details step, update the following:

   • ACS URL: Paste the redirect URL you just copied from Zilliz Cloud.

   • Entity ID: Enter zilliz.

   Then click CONTINUE.

   

3. In the Attributes section, click ADD MAPPING to map user attributes based on the service provider’s requirements:

   • Basic Information: Select Primary email.

   • App attributes: Enter email.

   

   Then click Finish. You will be redirected to the details page of the created app.

Step 4: Turn on your SAML app

1. On the details page of the newly created app, locate the User access area and click to edit the service status.

   

2. To turn a service on or off for everyone in your organization, click ON for everyone or OFF for everyone, and then click Save.

3. (Optional) To turn a service on or off for an organizational unit:

   1. At the left, select the organizational unit.

   2. To change the Service status, select ON or OFF.

   3. Choose one:

      • If the Service status is set to Inherited and you want to keep the updated setting, even if the parent setting changes, click Override.

      • If the Service status is set to Overridden, either click Inherit to revert to the same setting as its parent, or click Save to keep the new setting, even if the parent setting changes. Note: Learn more about organizational structure.

4. (Optional) To turn on a service for a set of users across or within organizational units, select an access group. For details, go to Use groups to customize service access.

5. Ensure that the email addresses your users use to sign in to the SAML app match the email addresses they use to sign in to your Google domain.

Test configuration

To ensure your SSO setup is functional:

1. Open a new browser window and navigate to the Zilliz Cloud SSO login URL provided earlier.

2. You should be redirected to the Google Workspace login page.

3. Log in using the credentials of a user who has been granted access to the app in Google Admin console.

4. If SSO is configured correctly, you will be redirected to the Zilliz Cloud console after successful authentication.

📘Notes

By default, users logging in via SSO are granted the Organization Member role. To expand their permissions, you can modify their roles in the Zilliz Cloud console.

If you encounter any issues during the setup or testing process, contact Zilliz support for assistance.