You can choose to enforce SAML SSO for Ally with Google for added security. Once set up, users in your organization can use their managed Google account credentials to sign in to Ally via Single Sign-On (SSO).
To connect your SSO to your instance of Ally, please follow the instructions listed here: Steps to setup SSO
After you have enabled SSO within Ally, the next step is to create an Ally App within you SSO:
- Sign in to your Google Admin console and navigate to Apps > SAML Apps
- Click on the (+) icon in the bottom right and select ‘Set up my own custom app’
Copy the following fields from Google to Ally:
- SSO URL: Enter in the "SAML 2.0 URL" field in Ally
- Entity ID: Enter in the "Identity Provider Issuer URL" field in Ally
- Download the certificate, copy the content by opening in any text editor and add it to the "Public (X.509) Certificate" field in Ally.
4. Click ‘Next’ to fill out the basic information: Add a name and description for Ally.
5. (Optional) Click Choose file next to the Upload Logo field to upload a PNG or GIF file to serve as an icon. The file size should be 256 pixels square.
6. Click ‘Next’ to fill out the Service Provider Details. The "SAML Name" from Ally should be copied to the "ACS URL field" and "Entity ID." Use the Name ID Format shown below, and leave ‘Signed Response’ unchecked.
7. Click ‘Next’ to set up the attribute mapping as shown below:
8. Enable the SAML App for all users in your organization or select the ones who will be using Ally.
9. Verify with Ally: Navigate to the Ally Login Page and select SAML SSO. Provide your email when prompted and verify with Google Apps.