IMPORTANT: SSO will only function if the email address you use to log into DataSet is the same as your G Suite address. In other words, your DataSet login address must match your G Suite address.
To establish SSO using SAML for DataSet login using an Administrator account and navigate to the Admin console:
1. Sign into the Google admin console at https://admin.google.com.
2. In the Admin console, go to Menu Apps Web and mobile apps.
3. Click Add App Add custom SAML app.
4. On the App Details page:
- Enter "DataSet" as the app name
- Upload the DataSet app icon. Click "Continue"
5. Remove (delete) any expiring (or soon to expire) certificates by clicking the "Manage Certificates" button. Ensure that the current certificate is displayed in the "Certificate" dropdown menu.
6. Download the Metadata file. Confirm that only one X509 certificate is included (Google includes expiring certificates by default, so please be sure to complete step 5 above before proceeding). Send the metadata file to the DataSet support team (firstname.lastname@example.org). If applicable, provide the organization name you chose earlier. Click "Continue".
7. In the Service Provider Details window, fill in:
- ACS URL (US): https://www.scalyr.com/acs
- ACS URL (EU): https://eu.scalyr.com/acs
- ACS URL (DVUS): https://app.us1.dataset.com/acs
- Entity Id: Use the SP Entity ID, which you should have received from DataSet in the email message containing these instructions.
- US: https://www.scalyr.com/sp?organization=MYORG (replace MYORG with the organization name provided by DataSet support). For more information, visit this page.
- EU: https://eu.scalyr.com/sp?organization=MYORG (replace MYORG with the organization name provided by DataSet support). For more information, visit this page.
- DVUS: https://app.us1.dataset.com/sp?organization=MYORG (replace MYORG with the organization name provided by DataSet support). For more information, visit this page.
- Select Email from Name ID Format dropdown
- Select Basic Information > Primary email in the Name ID dropdown
- Click Next.
8. You can leave everything blank on the next page (attributes mapping) and click "Finish".
9. The last page confirms that the app was successfully created. Remember to turn the user access to "on for everyone" to complete the process.
10. Note: Any changes that you make via the Google admin console may not be applied immediately, resulting in possible SSO errors during the interim. Please note that this is specific to the Google platform and not the DataSet SSO configuration.