summaryrefslogtreecommitdiff
path: root/doc/user/group/saml_sso
diff options
context:
space:
mode:
Diffstat (limited to 'doc/user/group/saml_sso')
-rw-r--r--doc/user/group/saml_sso/index.md51
1 files changed, 26 insertions, 25 deletions
diff --git a/doc/user/group/saml_sso/index.md b/doc/user/group/saml_sso/index.md
index 810d680ec59..25723687ebd 100644
--- a/doc/user/group/saml_sso/index.md
+++ b/doc/user/group/saml_sso/index.md
@@ -97,7 +97,7 @@ After you set up your identity provider to work with GitLab, you must configure
![Group SAML Settings for GitLab.com](img/group_saml_settings_v13_12.png)
NOTE:
-The certificate [fingerprint algorithm](../../../integration/saml.md#configure-saml-on-your-idp) must be in SHA1. When configuring the identity provider (such as [Google Workspace](#google-workspace-setup-notes)), use a secure signature algorithm.
+The certificate [fingerprint algorithm](../../../integration/saml.md#configure-saml-on-your-idp) must be in SHA1. When configuring the identity provider (such as [Google Workspace](#set-up-google-workspace)), use a secure signature algorithm.
### Additional configuration information
@@ -240,37 +240,38 @@ If using [Group Sync](#group-sync), customize the name of the group claim to mat
See our [example configuration page](example_saml_config.md#azure-active-directory).
-### Google Workspace setup notes
+### Set up Google Workspace
-Follow the Google Workspace documentation on
-[setting up SSO with Google as your identity provider](https://support.google.com/a/answer/6087519?hl=en)
-with the notes below for consideration.
+1. [Set up SSO with Google as your identity provider](https://support.google.com/a/answer/6087519?hl=en).
+ The following GitLab settings correspond to the Google Workspace fields.
-| GitLab setting | Google Workspace field |
-|:-------------------------------------|:-----------------------|
-| Identifier | Entity ID |
-| Assertion consumer service URL | ACS URL |
-| GitLab single sign-on URL | Start URL |
-| Identity provider single sign-on URL | SSO URL |
+ | GitLab setting | Google Workspace field |
+ |:-------------------------------------|:-----------------------|
+ | Identifier | **Entity ID** |
+ | Assertion consumer service URL | **ACS URL** |
+ | GitLab single sign-on URL | **Start URL** |
+ | Identity provider single sign-on URL | **SSO URL** |
-NOTE:
-Google Workspace displays a SHA256 fingerprint. To retrieve the SHA1 fingerprint required by GitLab for [configuring SAML](#configure-gitlab), download the certificate and calculate
-the SHA1 certificate fingerprint using this sample command: `openssl x509 -noout -fingerprint -sha1 -inform pem -in "GoogleIDPCertificate-domain.com.pem"`.
-
-The recommended attributes and claims settings are:
-
-- **Primary email** set to `email`.
-- **First name** set to `first_name`.
-- **Last name** set to `last_name`.
+1. Google Workspace displays a SHA256 fingerprint. To retrieve the SHA1 fingerprint
+ required by GitLab to [configure SAML](#configure-gitlab):
+ 1. Download the certificate.
+ 1. Run this command:
-For NameID, the following settings are recommended:
+ ```shell
+ openssl x509 -noout -fingerprint -sha1 -inform pem -in "GoogleIDPCertificate-domain.com.pem"
+ ```
-- **Name ID format** is set to `EMAIL`.
-- **NameID** set to `Basic Information > Primary email`.
+1. Set these values:
+ - For **Primary email**: `email`.
+ - For **First name**: `first_name`.
+ - For **Last name**: `last_name`.
+ - For **Name ID format**: `EMAIL`.
+ - For **NameID**: `Basic Information > Primary email`.
-When selecting **Verify SAML Configuration** on the GitLab SAML SSO page, disregard the warning recommending setting the NameID format to "persistent".
+On the GitLab SAML SSO page, when you select **Verify SAML Configuration**, disregard
+the warning that recommends setting the **NameID** format to `persistent`.
-See our [example configuration page](example_saml_config.md#google-workspace).
+For details, see the [example configuration page](example_saml_config.md#google-workspace).
### Okta setup notes