SSO: Configuring SAML with Google Cloud Credentials for use with InVision V6
  • 20 Jan 2023
  • 2 Minutes to read
  • Dark
    Light

SSO: Configuring SAML with Google Cloud Credentials for use with InVision V6

  • Dark
    Light

Article Summary

To let your team members use Google Cloud credentials (like they may have previously used for Google Auth) to sign in to InVision, you'll need to set up single sign-on (SSO) via Security Assertion Markup Language (SAML).

The set-up process—described in detail below—involves three main steps:

  1. Set up Google as a SAML IdP & Enable InVision in your SAML apps.
  2. Send your Google IdP metadata file to InVision Support to complete configurations in InVision.
  3. Verify that your SAML-based SSO is working as expected.

This article walks you through that set-up process.

Setting up Google as a SAML IdP & Enabling InVision

To set up Google as a SAML IdP:

  1. On the Google Admin console Home page, click Apps, and then click SAML Apps.
    google-admin-console-home-page-apps.png
    Note: If you don't see the Apps link, click More controls (at the bottom of the console Home page).
  2. At the bottom right of the SAML Apps list, click the yellow + button.
    google-admin-console-apps-saml-add-icon.png
  3. In the list of apps, click InVisionApp.
    google-admin-console-apps-saml-invisionapp.png
  4. Download the IdP metadata file you'll need to send to InVision Support, and then click Next.
    google-admin-console-apps-saml-google-idp-info.png
  5. In the Basic information for InVisionApp module, click Next.
    google-admin-console-apps-saml-invisionapp-basic-information.png
  6. Click the Name ID Format dropdown and select Email. Then, in the ACS URL and Entity ID fields, replace {subdomain} with the subdomain you use to access your InVision Enterprise account, and then click Finish. For example, we have replaced {subdomain} with magnolia in this screenshot: 
    google-admin-console-apps-saml-invisionapp-service-provider-details-finish.png
    Note: It's also important to ensure that there is no trailing slash in the URLs of the ACS URL and Entity ID fields, as including the trailing slash will prevent your SAML-based SSO from working as expected.
  7. In the Setting up SSO for InVisionApp modal, click OK.
    google-admin-console-setting-up-sso-for-invisionapp.png
  8. At the top right of the gray box, click Edit Service.
    google-admin-console-apps-saml-invisionapp-edit-service.png
  9. In the Service Status section, click the appropriate option to enable InVision for people in your organization:
    • On for everyone
    • Off for everyone
      google-admin-console-apps-saml-invisionapp-service-status.png
      Note: You can also enable InVision for specific organizational units within your Google Cloud account, as described in sub-step 6 of the "Step 4: Enable InVisionApp" section of this Google Support article.
  10. In the lower-right corner of the Service Status section, click Save.

Sending your Google IdP info to InVision Support

The owner or an admin on your InVision Enterprise organization will need provide the IdP metadata to InVision's Support team to finish configuring SSO in InVision.

If you already have a Support ticket, attach the IdP metadata file you downloaded when replying to the existing ticket.

If you need to submit a new Support request:

  1. Open the Support request form.
  2. In the Description field, be sure to include the name of your Enterprise account.
  3. In the Attachments area, attach the certificate and the IDP metadata you downloaded earlier.
    Before attaching them, ensure that the files are plain text files.

Verifying that your SAML-based SSO is working

Once InVision Support has confirmed that your SSO settings have been updated, you're ready to verify that the SAML-based SSO you've established is working as expected:

  1. Quit and reopen your browser, ensuring that no browser windows are open.
  2. Navigate to your Enterprise team's InVision subdomain. For example: my-enterprise-team.invisionapp.com.
  3. Sign in with your Google account credentials.

If you're successfully signed in to your InVision Enterprise after completing the steps above, take a nice deep breath and relax—your SAML-based SSO is working well!
 
After completing all steps in this article, ensure that your InVision Enterprise members use their Google domain email addresses for their relevant InVision accounts (i.e., their InVision accounts that belong to your Enterprise).


Was this article helpful?