Sign in with SSO is a feature available for customers on Cloudinary's custom / enterprise plans.
To set up your account with Google SSO, first, follow steps 1-5 in Google's guide for configuring a custom SAML application.
At step 6, please download the IDP metadata file to your computer, rather than saving only the SSO and Entity URLs.
Continue with the remaining steps as instructed and when adding the "Service Provider Details", set the following values:
- Set ACS URL as https://cloudinary.com/saml/consume
- Entity ID should also be https://cloudinary.com/saml
- The Name ID Format to use is EMAIL
The settings should look like the screenshot below afterward, though the Certificate details may vary:
Follow the remaining steps to finish setting up your custom SAML app in G-Suite.
Next, login to your Cloudinary account as a user with the "Master Admin" role and navigate to the Users Tab of the account settings and configure SSO login with the following details
- Set Metadata retrieval method to Inline, instead of the default URL option.
- Open the IDP metadata you downloaded from G-Suite in a text editor, then copy and paste it into the SAML Metadata text box.
- Save your changes
You should now be able to log into Cloudinary through the services menu of G-Suite, or by entering the email address of a user from your account via the "Sign in with SSO" option on the Cloudinary login page
** Please note that a user account for your existing G-Suite users will have to be created in Cloudinary by an existing Cloudinary user with the "Master Admin" or "Admin" role before they can log in via SAML, unless you're using Cloudinary's SAML Provisioning option