Google SAML Integration

Overview

QueryPie supports user integration with Google via SAML 2.0. By synchronizing users, you can grant access rights and apply policies.

SAML Setup in Google Workspace

1. Access the Google Admin Console, then click Apps > Web and mobile apps from the left menu.

2. Click the Add App button and select Add custom SAML app.

3. On the first step (App Details), enter ‘QueryPie-SSO’ in the App Name field, then click Continue.

4. On the second step, enter the following values. Once completed, click Continue to proceed to step 3.

• ACS URL: https://{QueryPie Host}/saml/sp/acs

• Entity ID: https://{QueryPie Host}/saml/sp/metadata

• Start URL (Optional): https://{QueryPie Host}/

5. On the third step, click Add mapping and enter the following four values. Once done, click Finish.

• Basic Information : Primary email → email

• Basic Information : First name → firstName

• Basic Information : Last name → lastName

• Basic Information : Primary email → loginId

6. Enter your Google account password for verification, then click Next to complete the setup.

7. Once the app is successfully created, it will appear in the list of Web and mobile apps. Click the app to enable it.

8. In the app’s details, click Download Metadata to download the file, then click User Access.

9. Set the Service Status to On for everyone, then click Save.

Configuring Authentication in QueryPie

1. Navigate to the QueryPie’s Admin > General > User Management > Authentication menu, and configure the following:

• Type : Select SAML.

• Identity Provider Metadata : Open the file you downloaded from the Google Admin Console (GoogleIDPMetadata.xml), copy the contents, and paste them here.

• Click Save Changes to complete the setup.

SAML Login in QueryPie

You can now sign in to QueryPie by authenticating with AWS using the Login with SAML button on the login page.