DeepSurface can be configured to leverage a third-party identity provider (IdP) to authenticate users when they access the DeepSurface web management console. One option is to use Google's service as a SAML-based IdP, which is available with a G Suite subscription. Use the following steps to create a new DeepSurface Authentication Provider configuration to enable this integration.
Create the Authentication Provider record in DeepSurface
Navigate to Setup > Authentication > Providers
Click the button "+ Authentication Provider" in the top-right of the screen
In the pop-up, select "SAML 2.0" in the drop-down
Fill in an appropriate label for this authentication provider (such as "Google")
In the "ASSERTION CONSUMER SERVICE URL" field, enter an appropriate value for the domain name. This domain name must match the one users will navigate to when accessing DeepSurface.
Click the "copy to clipboard" icon next to the ASSERTION CONSUMER SERVICE URL field to make a copy of this ACS URL. Paste this in a temporary location, such as a text editor, as we'll need this in later steps.
Do not enter any values in the METADATA XML at this stage. We'll come back to this in a minute.
Save the new authentication provider.
Configure Google
Log in to G Suite's admin interface and navigate to Apps > Overview > Web and mobile apps.
Click the "Add App" dropdown and select "Add custom SAML app".
Enter a friendly name in the App name field, such as "DeepSurface". Select other options as appropriate and click Next.
Next, click the "Download Metadata" button and save this file for use in Step 3 below.
On the Google screen, enter the ASSERTION CONSUMER SERVICE URL you obtained in step 1 above into both the ACS URL and Entity ID fields. Do not modify any other fields, and then click Next.
On the fourth Google screen, you may click Finish without any other changes.
Next, you should arrive at a summary screen for your newly created SAML app. Click on the "User access" tile to grant users access to the DeepSurface application in Google. You may either enable the app for everyone, or use the panel on the left side to search for specific Google Groups or users and grant access to those groups and users selectively. Save your selections when completed.
Finalize DeepSurface Authentication Provider
Return to the Setup > Authentication > Providers area in DeepSurface and edit the provider created in step 1.
Upload or paste the XML file into the METADATA XML field, as obtained from Google in step 2.
Save the updated authentication provider record.
Create DeepSurface users associated with the Google authentication provider
In DeepSurface, navigate to Setup > Authentication > Users.
For any user who needs to log in via Google, create a user with exactly the same username they would use with Google. Be sure to select your newly created authentication provider in the dropdown at the top of the user editing pop-up.
Optionally, enable Auto-Provisioning.
Test Google-based login
To test a DeepSurface user linked with a Google authentication provider, first log out of DeepSurface.
On the login form, enter the username of a user who should be authenticated against Google, and click Next.
You should now be redirected to Google. Log in with your Google credentials.
After successfully authenticating to Google, your browser should be redirected back to DeepSurface and you should be automatically logged in to the DeepSurface console.
For more information, consider consulting the following:
Having trouble? Don't hesitate to contact support.