Follow these steps for integrating with Google after completing the steps in Kolide's SAML / SSO Sign-in document.
Steps to set up SAML auth for K2 with GSuite SAML as the identity provider:
First, visit the 'SAML Apps' page in your GSuite account, and click the '+' button to add a new app:
In the popup that appears, click 'Setup my own custom app':
In step 2, make sure you save the SSO URL for use later, and download the IDP certificate. You'll need both of these when filling out the SAML form in the Kolide dashboard.
In step 3, choose a name, and optionally a description and logo.
May we suggest the following description?
Kolide is a user-focused security platform which your team uses to inform users
when their device has issues that affect system stability or security.
And for a logo, feel free to use this one:
After clicking 'Next', you'll see a form asking for your ACS URL and Entity ID.
You can find both of these in the SAML settings screen at https://k2.kolide.com/x/settings/admin/saml/edit. Use the field labeled 'Kolide SSO URL' for the GSuite 'ACS URL', and the field labeled 'Kolide Issuer URL' for the GSuite 'Entity ID'.
You will also want to make sure to select 'EMAIL' for the 'Name ID Format', and check the box for 'Signed Response'. The 'Start URL' field can be left empty.
Upon clicking 'Next', you should see a confirmation that the setup (on the GSuite IDP side) is complete:
Note that you'll likely need to enable the new SAML application for the appropriate accounts and/or groups before it can be used. Click on the new application, then click 'Edit Service', and configure the availability as appropriate.
Now we need to jump over to the K2 SAML setup, at https://k2.kolide.com/x/settings/admin/saml/edit
Here, you'll fill in the certificate and IDP SSO Target URL fields using the URL and Certificate saved from step 2.
Then click 'Save & test', and if everything was filled out correctly you should see a success message.
But wait. There's one more step!
You now have to go to your Security & Privacy page to enforce SAML / SSO.
Click "Save Changes", which will now make other sign-in methods inaccessible.
Your team will see a message in their inbox letting them know of this change.
Now, when your team signs in, they will see this* (*Okta Logo used as an example):
BOOM! Now you're all set! Now get cracking :)
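If 'Save & test' fails, it helps to compare a decoded SAML response from GSuite against the settings chosen above ('Signed Response', 'EMAIL' Name ID Format, ACS URL, Entity ID). The following is an added example, not Kolide's or Google's code; the URLs are placeholders, the sample response is constructed, and the mapping of 'EMAIL' to the emailAddress format URN is an assumption. It checks structure only and does not verify the signature.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
# Assumption: GSuite's 'EMAIL' Name ID Format is sent as this URN.
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
ACS = "https://kolide.example/acs"        # placeholder for 'Kolide SSO URL'
ENTITY = "https://kolide.example/issuer"  # placeholder for 'Kolide Issuer URL'

def check_response(xml_text, acs_url, entity_id):
    """List mismatches between a decoded SAML response and the GSuite app settings."""
    root = ET.fromstring(xml_text)  # only feed this responses you captured yourself
    problems = []
    # 'Signed Response' places ds:Signature directly under samlp:Response.
    if root.find("ds:Signature", NS) is None:
        problems.append("response is not signed")
    # The GSuite 'ACS URL' shows up as the response's Destination.
    if root.get("Destination") != acs_url:
        problems.append("Destination does not match ACS URL")
    name_id = root.find("saml:Assertion/saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID format is not EMAIL")
    elif "@" not in (name_id.text or ""):
        problems.append("NameID is not an email address")
    # The GSuite 'Entity ID' shows up as the assertion's Audience.
    audiences = [a.text for a in root.findall(".//saml:Audience", NS)]
    if entity_id not in audiences:
        problems.append("Audience does not match Entity ID")
    return problems

def sample(signed=True, fmt=EMAIL_FORMAT):
    """Constructed response for illustration; the signature element is an empty stub."""
    sig = "<ds:Signature/>" if signed else ""
    return (
        f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
        f'xmlns:ds="{NS["ds"]}" Destination="{ACS}">{sig}'
        f'<saml:Assertion><saml:Subject><saml:NameID Format="{fmt}">'
        'user@example.com</saml:NameID></saml:Subject><saml:Conditions>'
        f'<saml:AudienceRestriction><saml:Audience>{ENTITY}</saml:Audience>'
        '</saml:AudienceRestriction></saml:Conditions></saml:Assertion>'
        '</samlp:Response>'
    )

if __name__ == "__main__":
    print(check_response(sample(signed=False), ACS, ENTITY))
```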