Setting Google SAML for Single Sign-On integration with HackMD Enterprise

# Setting Google SAML for Single Sign-On integration with HackMD Enterprise ###### tags: `HackMD-EE` > This note is for `HackMD Enterprise SaaS` and `HackMD Enterprise On-Premise` only. Follow these steps to setup Signle Sign-On using Google SAML: ## Setup the SAML App 1. Go to your the admin dashboard of your **G Suite**, and choose **Apps** ![](https://i.imgur.com/62UCqFf.png =650x) 2. Choose "SAML apps". ![](https://i.imgur.com/gIpJUw3.png =250x) 3. Click on the "Enable SSO for a SAML Application" at the bottom right corner to create a SAML app. ![](https://i.imgur.com/gspixAf.png =350x) 4. Click on "SETUP MY OWN CUSTUM APP" at the bottom. ![](https://i.imgur.com/TjxKTd7.png =400x) 5-1. If you're using `HackMD Enterprise SaaS`, go with "Option 2" to "DOWNLOAD" the IDP metadata and send them to your HackMD staff, we will set this up for you. 5-2. If you're using `HackMD Enterprise On-premise`, go with "Option 1" and "DOWNLOAD" the Certifcate, you will need it later. ![](https://i.imgur.com/ov0PJby.png =400x) 6. "Basic information for your Custom App" is for your own management, feel free to give it a name, description, and logo that comply with your internal rules. ![](https://i.imgur.com/3ieiiWE.png =400x) 7-1. If you're using `HackMD Enterprise SaaS`: "Service Provider Details" has to follow the below format and replace "my-company" with your company name: - ACS URL: <pre>https://==my-company==.hackmd.io/auth/saml/callback</pre> - Entity ID: <pre>https://==my-company==.hackmd.io/</pre> - Start URL: <pre>https://==my-company==.hackmd.io/</pre> - Signed Response: :white_check_mark: 7-2. If you're using `HackMD Enterprise On-premise`: Use the URL to your service for "Service Provider Details". The ACS URL needs the following callback suffix: - ACS URL：<pre>https://my.hackmd.instance.url/==auth/saml/callback==</pre> ![](https://i.imgur.com/xL2q6b3.png =400x) 8. Skip the "Attribute Mapping" and click "FINISH". ![](https://i.imgur.com/su0x2iJ.png =400x) 9. Click "OK" to finalize creating the Custom SAML App. ![](https://i.imgur.com/MSd4q4s.png =400x) :::info :bulb: **Hint:** If you're using `HackMD Enterprise SaaS`, remember to send HackMD staff the IDP metadata downloaded in step 5-2 prior to activation. ::: ## Activate the SAML App 1. Click on the "EDIT SERVICE" on the top right corner. ![](https://i.imgur.com/bt9H5Hx.png =400x) 2. Turn the service ON for everyone, and click Save on the bottom right corner. ![](https://i.imgur.com/AWnFOdi.png =400x) :::info :bulb: **Hint:** Extra step for `HackMD Enterprise On-premise` ::: 12. If you're using `HackMD Enterprise On-premise`, add the following environment variables in your `docker-compose.yaml`: ``` HMD_SAML_IDPSSOURL=the SSO URL from step 5-2. HMD_SAML_IDPCERT=path to the IDP Cert downloaded in step 5-2. HMD_SAML_ISSUER=URL to your instance (e.g., https://my.hackmd.instance.url/) ``` ###### tags: `docs`