Google Apps SSO Integration
Adding Google Apps SSO to a Periscope Data account is done in two steps. First, create a custom app from the Google Admin console that points to Periscope Data. Second, configure Periscope Data to direct users to the custom app.
Adding a custom app in Google Apps
The administrator of the Google Apps account is required to set up a custom app for SSO in Google Apps. From the Google Apps admin console, select Apps and then "SAML apps."
Click the yellow plus icon in the lower right-hand corner to Enable SSO for a SAML application. And then click "Setup my own custom app."
Download the Certificate and copy the SSO URL and Entity ID fields
Enter Periscope Data for the Application Name.
Enter Periscope Data's Service Provider Details:
- ACS URL: https://app.periscopedata.com/auth/saml/callback
- Entity ID: https://www.periscopedata.com/sso
Leave Start URL and Signed Response empty.
Enter the First Name, Last Name, and Primary Email attribute mappings. The attributes must exactly match first_name, last_name, and email for Periscope to recognize them.
Click Finish. If everything goes well, the following success message will be displayed:
Finally, make sure that SSO is enabled for all users. Click the three dots next to the app and select ON for everyone or ON for some organizations.
It can take Google several minutes to activate the app. The administrator is recommended to wait at least five minutes before proceeding with entering the SSO Configuration in Periscope.
In Periscope Data, open the gear menu in the bottom left and open the Billing & Security menu. Only admins have access to these settings.
In the "Single Sign-On" section, select "Google Apps". Fill in the SSO URL fields as follows:
- SSO URL
- Issuer is Google App's Entity ID
- x.509 Certificate is Google App's X.509 certificate and should start with "BEGIN CERTIFICATE" and end with "END CERTIFICATE".
Finally, confirm the SSO settings change by typing "Logout".
With that complete, Google Apps can be used to login to Periscope.
If the current certificate expires, the account can no longer be accessed through SSO. Please reach out to email@example.com to request disabling the SSO. Once the SSO is disabled, it will be possible to log in through the general login page(not using SSO).
After that, the SSO could be enabled again on the Billing and Authentication page using the new certificate.