Sorry, the InVision Help Center does not support Internet Explorer. Please download Microsoft Edge or another modern browser.


SSO - Configuring SAML with Google Cloud Credentials for use with InVision

Follow
This article is specific to Enterprise in InVision Cloud V6. If you're using Enterprise in Cloud V7, read this article instead. Not sure which version you're using? Find out now.

To let your team members use Google Cloud credentials (like they may have previously used for Google Auth) to sign in to InVision, you'll need to set up single sign-on (SSO) via Security Assertion Markup Language (SAML).

The set-up process—described in detail below—involves five main steps:

  1. Collect your Google identity provider (IdP) info.
  2. Send your Google IdP info to InVision Support (so we can provide the service provider URL you'll need during the next main step.
  3. Set up Google as a SAML IdP.
  4. Enable InVision as a service in your SAML apps.
  5. Verify that your SAML-based SSO is working as expected.

This document walks you through that process.

Collecting your Google identity provider (IdP) info

To collect the IdP info that you will need to send InVision Support:

  1. On the Google Admin console Home page, click Security and then click Set up single sign-on (SSO).
    google-admin-console-home-page.png
    If you don't see the Security link, click More controls (at the bottom of the console Home page).
  2. Write down the SSO URL and entity ID.
  3. Download the certificate and IdP metadata.

Sending your Google IdP info to InVision Support

The owner or an admin on your InVision Enterprise organization will need to submit a request to InVision's Support team to finish the configuration.

To submit your Support request:

  1. Open the Support request form.
  2. In the Description field, be sure to include the IdP info you collected earlier:
    • SSO URL
    • Entity ID
  3. In the Attachments area, attach the certificate and the IDP metadata you downloaded earlier.
    Before attaching them, ensure that the files are plain text files.

InVision will process your request and let you know when your trial account is set up. They will also provide you with the Service Provider URL you need to configure SSO in the Admin console in the next step.

After one of our Tier 2 Support engineers completes the configuration process on our end, he or she will send you the Service Provider URL needed for step 6 in the next section of this article.

Enabling Google as a SAML IdP & completing SSO setup

To set up Google as a SAML IdP:

  1. On the Google Admin console Home page, click Apps.
    google-admin-console-home-page-apps.png
    If you don't see the Apps link, click More controls (at the bottom of the console Home page).
  2. Click SAML Apps.
    google-admin-console-apps-saml.png
  3. At the bottom right of the SAML Apps list, click the yellow + button.
    google-admin-console-apps-saml-add-icon.png
  4. In the list of apps, click InVisionApp.
    google-admin-console-apps-saml-invisionapp.png
  5. Click Next.
    google-admin-console-apps-saml-google-idp-info.png
  6. In the Basic information for InVisionApp module, click Next.
    google-admin-console-apps-saml-invisionapp-basic-information.png
    The Basic information module shows the application name and description users will see.
  7. In the ACS URL and Entity ID fields of the Service Provider Details module, replace {subdomain} with the subdomain your InVision Support representative sent you (after you submitted your support request).
    google-admin-console-apps-saml-invisionapp-service-provider-details.png
    If it is not already selected, click the Name ID Format dropdown arrow and select Email.
  8. Click Finish.
    google-admin-console-apps-saml-invisionapp-service-provider-details-finish.png

To finish setting up SSO for InVision:

  1. In the Setting up SSO for InVisionApp modal that you see after completing the steps above, click OK.
    google-admin-console-setting-up-sso-for-invisionapp.png
  2. At the top right of the gray box, click Edit Service.
    google-admin-console-apps-saml-invisionapp-edit-service.png
  3. In the Service Status section, click the appropriate option to enable InVision for people in your organization:
    • On for everyone
    • Off for everyone
      google-admin-console-apps-saml-invisionapp-service-status.png

      You can also enable InVision for specific organizational units within your Google Cloud account, as described in sub-step 6 of the "Step 4: Enable InVisionApp" section of this Google Support article.
  4. In the lower-right corner of the Service Status section, click Save.
  5. Ensure that your InVision Enterprise members use their Google domain email addresses for their relevant InVision accounts (i.e., their InVision accounts that belong to your Enterprise).

Verifying that your SAML-based SSO is working

After completing the steps in each section above, you're ready to verify that the SAML-based SSO you've established is working as expected:

  1. Quit and reopen your browser, ensuring that no browser windows are open.
  2. Navigate to your Enterprise team's InVision subdomain. For example: my-enterprise-team.invisionapp.com.
  3. In the Google sign-in page that opens, enter your InVision Enterprise account credentials.
  4. When you're returned to the InVision sign-in page, click Sign in.

If you're successfully signed in to your InVision Enterprise after completing the steps above, take a nice deep breath and relax—your SAML-based SSO is working well!


Was this article helpful?

Still have a question?

Contact Us