Configure single sign-on (SSO) using Google SAML

Before you begin, make sure you have an Admin account (Viewer or Contributor) with Abstract

Step 1: Configure SAML 2.0 for Abstract in Google

  1. As an Admin, create a new SAML app called Abstract in admin.google.com.
  2. Configure your ACS URL and Entity as follows (shown in screenshot below):
Entity IDhttps://auth.goabstract.com
Abstract’s Assertion Consumer Service (ACS) URLhttps://auth.goabstract.com/saml/response

3. Add an Attribute Mapping called exactly “email” (shown in screenshot below):

About SAML responses:

  • We currently only support HTTP:POST binding.
  • We are expecting an “email” Assertion Attribute, as shown below.
<saml2:Attribute Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">    <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">email@example.org</saml2:AttributeValue></saml2:Attribute>

About XML Metadata:
By default, Google SAML provides a URL to your XML metadata that is only accessible for authenticated admins. You’ll need to have your XML metadata available via a public URL in order to configure SSO on Abstract. You can use https://pastebin.com to create a public URL. Simply, create a + new paste with your XML metadata and click on the raw button.

Step 2: Set up SAML single sign-on in Abstract.

  1. Open the Abstract web app.
  2. Go to the Permissions page in the left side bar.
  3. In the Configure SSO section, enter your Metadata URL and Entity ID.
  4. Enter any manual exceptions you might have. Emails listed in the manual exceptions section will bypass SSO and be able to log in with email and password.
  5. Note: You’ll need to use primary email addresses in the manual exceptions list. SSO activation will fail if the email you list is a user’s secondary email. If that happens, you’ll see an error message with the primary email for the failing account. Add that primary email to the manual exceptions list after you’ve verified you know the user.
  6. Click Test with my Account. If an error occurs when trying to authenticate into Abstract, please consult Google’s Help Center first. If additional assistance is need you can contact our support team.
  7. Toggle Activate SSO on. 
  8. Click Save Changes.