Google SAML SSO configuration
Rewatch provides Single Sign-On (SSO) functionality for customers to access it through Google. This allows IT administrators to better manage team access and keeps information more secure. Customers can opt to use the simple Sign in with Google button (which requires no configuration in Rewatch), or a SAML integration.
SAML (Security Assertion Markup Language), an SSO standard, permits Google to safely pass authorization credentials to service providers like Rewatch. It enables centralized management with deeper administrative control than the simple Sign in with Google integration.
These are instructions for setting up Rewatch SAML SSO with Google.
Set up the Rewatch app in Google
- In the Google admin portal, select Web and Mobile Apps from the left-side nav.
- Next, select the Add App dropdown, and click Add custom SAML app.
Rewatch as the name of the application and click
- Copy the SSO URL and Certificate. Save these for later; you will need them to configure Rewatch. Note that you must use the copy buttons (two interlocking rectangles). If you select the text to copy manually, the data will be truncated or contain extra characters (this applies to both the SSO URL and Certificate). Click Continue.
- Fill in the following information and click Continue:
  rewatch.tv
  Check Signed response
  Name ID format:
  Basic Information > Primary email
- Add the following field mappings and click Finish:
  First name -> first_name
  Last name -> last_name
  Primary email ->
Please note that Google may show an error page after clicking Finish. If you wait 5-10 minutes and return to the web and mobile apps list, the app should be set up correctly. If the problem persists, please contact Google.
On the Rewatch channel admin page, click on the Security link in the sidebar.
SSO URL from Google into the IdP SSO target URL field and paste the Certificate into the IdP Certificate field. Then, set the email domains that will redirect to your SAML provider on login. Finally, check Enable Saml login for this channel. Click Save.
You can then test the SAML integration by clicking the Test SAML button. If you log in via SAML with the same email as your current admin user account, you will maintain the same admin privileges. Once logged in via SAML, you can enable Enforce SAML-only logins for this channel.
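The copy caveat in the Google steps can be checked before the values are pasted into the IdP SSO target URL and IdP Certificate fields. The following is an added example, not Rewatch's or Google's code: it assumes the certificate was copied as PEM text and that the SSO URL is an https:// URL, and it checks framing and length only, not the certificate's contents. The sample certificate and URL are constructed placeholders.

```python
import base64
import textwrap
from urllib.parse import urlsplit

BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"

def check_certificate(pem):
    """Return a list of problems with a pasted PEM certificate ([] if none)."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        return ["BEGIN/END CERTIFICATE markers missing or altered"]
    try:
        der = base64.b64decode("".join(lines[1:-1]), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return ["body is not valid base64 (cut off or extra characters)"]
    # A certificate is one DER SEQUENCE: tag 0x30, then a length field.
    if len(der) < 2 or der[0] != 0x30:
        return ["decoded data does not start with a DER SEQUENCE"]
    if der[1] < 0x80:
        header, length = 2, der[1]
    else:
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            return ["DER length field is malformed or cut off"]
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + length > len(der):
        missing = header + length - len(der)
        return ["certificate is truncated: %d bytes missing" % missing]
    if header + length < len(der):
        return ["extra data after the certificate"]
    return []

def check_sso_url(url):
    """Return a list of problems with a pasted SSO URL ([] if none)."""
    if any(c.isspace() for c in url):
        return ["URL contains whitespace"]
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        return ["URL is not an absolute https:// URL"]
    return []

def constructed_pem():
    """Constructed sample: a DER SEQUENCE of filler bytes, not a real certificate."""
    payload = bytes(range(256)) * 3
    der = b"\x30\x82" + len(payload).to_bytes(2, "big") + payload
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
    return f"{BEGIN}\n{body}\n{END}\n"

if __name__ == "__main__":
    print(check_certificate(constructed_pem()))
    print(check_sso_url("https://idp.example.com/saml?idpid=PLACEHOLDER"))
```

An empty list from both functions means the pasted values are intact as text; a non-empty list means the value should be copied again with the copy button.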
While SAML will automatically update user information whenever they log in, you can additionally set up SCIM to automate deprovisioning and group membership updates immediately after you make these administrative changes. We currently do not support SCIM integration with Google, as they are no longer accepting new applications for their SAML/SCIM marketplace. Google also does not provide a method to configure a generic SCIM app.
Last edited on Jan 27th, 2021