This guide shows how to configure Google Workspace as a SAML single sign-on identity provider (IdP) for your Redis Cloud account.

To learn more about Redis Cloud support for SAML, see SAML single sign-on.

Step 1: Set up your identity provider (IdP)

Create the Google Workspace SAML application

  1. Sign in to your Google Workspace admin account.

  2. From the main menu, select Apps then Web and mobile apps.

  3. Once in Web and mobile apps, select Add custom SAML app from the dropdown list.

  4. To begin, change the App name and Description to Redis Cloud. You can also choose an App icon for the application. We suggest you upload a Redis icon. Once complete, select Continue.

  5. In the next screen, you will find all of the information needed to configure SAML in Redis Cloud. Select the copy button for the following information sections:

  • SSO URL

  • Entity ID

  • Certificate

Once complete, select Continue.

Step 2: Configure SAML support in Redis Cloud

Now that you have your Google Workspace IdP server information, configure support for SAML in Redis Cloud.

Log in to your Redis Cloud account

Log in to your account at the Redis Cloud console.

Activate SAML in Access Management

To activate SAML, you must have a local user (or social sign-on user) with the owner role. If you have the correct permissions, you will see the Single Sign-On tab.

  1. Add the information you saved previously in the Google identity provider details screen. This includes:

    • Issuer (IdP Entity ID): Entity ID.
    • IdP server URL: SSO URL.
    • Assertion signing certificate: Certificate.

    Also add:

    • Email domain binding: The domain used in your company’s email addresses.

    Select Enable and wait a few seconds for the status to change.

  2. Select Download to get the service provider (SP) metadata. Save the file to your local hard disk.

  3. Open the file in any text editor. Save the following text from the metadata:

    • EntityID: The unique name of the service provider (SP).

    • Location: The location of the assertion consumer service.
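One way to pull these two values out of the downloaded file and confirm that the ACS Location is HTTPS before entering it in Google Workspace. This is an added example, not code from Redis or Google; the sample metadata is constructed with placeholder values, and the function name `extract_sp_details` and the HTTP-POST binding filter are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample, not real Redis Cloud metadata; all values are placeholders.
SAMPLE_METADATA = """<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.invalid/saml/PLACEHOLDER">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
        Location="https://sp.example.invalid/saml/artifact/PLACEHOLDER"/>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.invalid/saml/acs/PLACEHOLDER"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def extract_sp_details(metadata_xml: str) -> dict:
    """Return the EntityID and ACS Location from SAML 2.0 SP metadata."""
    root = ET.fromstring(metadata_xml.encode("utf-8"))
    if root.tag != MD + "EntityDescriptor" or not root.get("entityID"):
        raise ValueError("not a single-entity SAML metadata document")
    sp = root.find(MD + "SPSSODescriptor")
    if sp is None:
        raise ValueError("metadata has no SPSSODescriptor (not an SP)")
    # Assumption: the IdP delivers the response with the HTTP-POST binding,
    # so only ACS endpoints with that binding are candidates.
    acs = [e for e in sp.findall(MD + "AssertionConsumerService")
           if e.get("Binding") == HTTP_POST and e.get("Location")]
    if not acs:
        raise ValueError("no HTTP-POST AssertionConsumerService endpoint")
    # Prefer the endpoint flagged isDefault, then the lowest index.
    acs.sort(key=lambda e: (e.get("isDefault") not in ("true", "1"),
                            int(e.get("index", "0"))))
    location = acs[0].get("Location")
    # The ACS URL receives signed assertions; refuse anything that is not HTTPS.
    if urlparse(location).scheme != "https":
        raise ValueError(f"ACS Location is not HTTPS: {location}")
    return {"EntityID": root.get("entityID"), "Location": location}


if __name__ == "__main__":
    for field, value in extract_sp_details(SAMPLE_METADATA).items():
        print(f"{field}: {value}")
```

To use it on the real download, read the saved metadata file into a string and pass it to `extract_sp_details`.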

Step 3: Add a custom attribute to Google Workspace’s user profile

  1. From the main menu in Google Workspace, select Directory then Users, and from the more options dropdown select Manage custom attributes.

  2. From the Manage user attributes screen, select Add Custom Attribute.

  3. Add the following information for the new custom attribute:

    • Category: Redis Cloud
    • Name: redisAccountMapping
    • Info type: Text
    • Visibility: Visible to user and admin
    • No. of values: Single

    Once complete, select Add. The summary page now displays the new redisAccountMapping custom field.

  4. From the main menu in Google Workspace, select Directory then Users, then select the user you wish to configure.

  5. Each user who needs to access Redis Cloud through SAML needs to define the redisAccountMapping attribute. The redisAccountMapping key-value pair consists of the lowercase role name (owner, member, manager, or viewer) and your Redis Cloud Account ID found in the account settings.

    Once complete, select Save.

    Repeat this step for each user who needs to define the redisAccountMapping attribute.

Step 4: Finish SAML configuration in Google Workspace’s Redis Cloud Application

  1. Return to the Service provider details screen in Google Workspace, and add the following information:

    • ACS URL: The Location from the downloaded service provider (SP) metadata
    • Entity Id: The EntityID from the downloaded service provider (SP) metadata

    Leave the Name ID default information as it is. Once complete, select Continue.

  2. Configure the Redis Cloud application’s attribute mappings. Select Add Mapping.

    In the next screen, map these attributes:

    • Primary Email: Email
    • First name: FirstName
    • Last name: LastName
    • redisAccountMapping: redisAccountMapping

    Once complete, select Finish.

  3. Next, turn on the Redis Cloud service for all users. Select Web and mobile apps -> Redis Cloud, and then Service status. Select ON for everyone. Once complete, select Save.

Step 5: Activate SAML integration

The final step in our SAML integration with Google Workspace is to activate the SAML integration.

  1. In the Single Sign-On screen, select Activate.

    A logout notification screen displays, letting you know that you will be redirected to Google’s login screen.

  2. Select the Google account you wish to log in with.

  3. If everything is configured correctly, you should get a SAML activation succeeded message. From this point forward, users need to click SSO to log in to the Redis Cloud console.

A message displays, stating that your local user is now converted to a SAML user. Select Confirm.

You have successfully configured Google Workspace as an identity provider.