Community Articles

Find and share helpful community-sourced technical articles.
Labels (1)
avatar
Cloudera Employee

In today's data-driven world, smooth access to cloud platforms is crucial. But things can get messy with so many tools and logins to manage. This article dives into the power of integrating Google Workspace SSO with the Cloudera Data Platform, offering a seamless and secure user experience for your team.

Cloudera: Laying the Groundwork

Setting up SSO might involve a few administrative tasks within Cloudera. Specifically, you'll need to create an identity provider to capture the connection details for your Google Workspace account. But don't worry, this step only requires a Cloudera account administrator or PowerUser role. Let's explore how to navigate this process and unlock the benefits of seamless SSO.

Here's how to get started (Note: Requires Account Administrator or PowerUser privileges):

  1. Head to the Cloudera Console: Sign in and navigate to the Cloudera home page. Click on "Management Console" from there.
  2. Identity Provider Setup: In the User Management section of the side navigation panel, find "Identity Providers" and click on it. Now, click "Create Identity Provider" to begin the configuration.
  3. Naming Your Connection: Give your Google Workspace SSO connection a clear name for easy identification.
  4. Group Sync? (Optional): Decide if you want to synchronize user group memberships between Cloudera and Google Workspace. Selecting "Sync Groups on Login" enables this feature. (For details, refer to "Synchronizing group membership" in the Cloudera documentation.)
  5. SAML Metadata: Here's where the Google Workspace magic happens. You have two options:
    • File Upload: Download the Google Workspace SAML metadata file and upload it here.
    • Direct Input: If you already have the SAML metadata ready, you can paste it directly into this field.
  6. Finalize the Connection: Click "Create" to establish the SSO connection between Google Workspace and your Cloudera environment.

Voila! You've successfully added Google Workspace SSO to Cloudera. Now, you can view the newly created connection's properties and access the information needed to configure your Google Workspace IdP for seamless user login within Cloudera.

itischandu_0-1728411663391.png

Google Workspace: Essential Preparations

Create the SAML App

  1. Access Google Workspace Admin Console: Navigate to the Admin console and select Apps > Web and mobile apps.
  2. Create a Custom SAML App: Choose Add app > Custom SAML app. Give your app a descriptive name and optionally upload an icon. This icon will be displayed in various locations within the Google Workspace admin console.
  3. Configure Identity Provider Details: Access the Google Identity Provider details page. Here, you'll obtain the necessary setup information for your service provider. Choose to either download the IDP metadata file or manually copy the SSO URL, Entity ID, and Certificate (or SHA-256 fingerprint).
  4. Input Service Provider Details: Provide the required details from your service provider, including the ACS URL, Entity ID, and optionally, the Start URL. Indicate if a signed response is necessary.
  5. Define Name ID and User Attributes: Specify the Name ID format and value for your app. You can also create custom attributes and map them to Google Directory attributes.
  6. Configure Group Membership (Optional): If relevant, map Google groups to attributes in your service provider's system.
  7. Complete Setup: Finalize the configuration and save the changes.

itischandu_1-1728411663390.png

Turn on the App

Heads Up! Permission Check

Before we dive in, there is a chance your current account might not have the muscle (permissions) to handle these steps. If that's the case, you'll need to switch to a super administrator account to proceed. 

Navigation Ninja Time!

Alright, let's get started. In the Admin console, get ready to unleash your inner navigation ninja! Head to the "Menu" and then navigate down to "Apps" followed by "Web and mobile apps."

Finding Your SAML App

Now, it's time to locate your specific SAML app. It'll be listed amongst the other apps, so keep your eyes peeled!

User Access: Turning the Service On/Off

Here's where the magic happens – user access control! To enable or disable this service for everyone in your organization, it's a simple click-and-save affair. Just choose "On for everyone" or "Off for everyone" based on your needs, and then hit that sweet "Save" button.

itischandu_2-1728411663389.png

 

Testing Time! Let's See if SSO Flies

Alright, now for the fun part – testing! We'll check out both ways SSO can work: starting from your identity provider (IdP) and starting from your service provider (SP).

IdP-Initiated SSO

Let's Try Logging In: Go ahead and try logging in to your custom app using your regular login credentials. If everything's set up correctly, you should be magically whisked in without needing to enter a password again (that's the beauty of SSO!).

Whoops, Not Working? If things don't go smoothly, don't worry! The error message you see should give you some clues. Use that info to tweak your IdP and Cloudera settings until the magic happens. Then, come back and give the test another shot!

itischandu_3-1728411663390.png

By seamlessly integrating Google Workspace and Cloudera, you've unlocked a world of efficiency and security for your organization. 

If you encounter any challenges or have questions, don't hesitate to reach out to our support team. We're here to help you make the most of this powerful integration.

521 Views
0 Kudos