For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
Sign inTry it free
DocsGuidesSDKsIntegrationsAPI docsTutorialsFlagship blog
DocsGuidesSDKsIntegrationsAPI docsTutorialsFlagship blog
  • Get started
    • Overview
    • Onboarding
    • Get started
    • Launch Insights
    • LaunchDarkly architecture
    • LaunchDarkly vocabulary
  • AgentControl
    • AgentControl
    • Manage AgentControl
  • Feature flags
    • Create flags
    • Target with flags
    • Flag templates
    • Manage flags
    • Code references
    • Contexts
    • Segments
  • Releases
    • Releasing features with LaunchDarkly
    • Release policies
    • Percentage rollouts
    • Progressive rollouts
    • Guarded rollouts
    • Feature monitoring
    • Release pipelines
    • Engineering insights
    • Release management tools
    • Applications and app versions
    • Change history
    • Restoring previous flag versions
  • Observability
    • Observability
    • Session replay
    • Error monitoring
    • Logs
    • Traces
    • Observability metrics
    • Product analytics events
    • LLM observability
    • Alerts
    • Dashboards
    • Service map
    • Vega for auto-remediation
    • Observability MCP server
    • Search specification
    • Observability settings
    • Observability integrations
  • Experimentation
    • Experimentation
    • Experiment metric types
    • Experiment configuration
    • Managing experiments
    • Analyzing experiments
    • Multi-armed bandits
    • Holdouts
  • Metrics and events
    • Metrics in LaunchDarkly
    • Creating metrics
    • Metric groups
    • Events
    • Autogenerated metrics
  • Warehouse native
    • Warehouse native metrics
    • Setting up external warehouses
    • Creating experiments using warehouse native metrics
  • Infrastructure
    • Connect apps and services to LaunchDarkly
    • LaunchDarkly in China and Pakistan
    • LaunchDarkly in the European Union (EU)
    • LaunchDarkly in federal environments
    • Public IP list
  • Your account
    • Projects
    • Views
    • Environments
    • Tags
    • Teams
    • Members
    • Roles
    • Account security
      • Single sign-on
        • Configure SAML SSO
          • Active Directory Federation Services (ADFS)
          • Entra ID
          • Google Workspace
          • Okta
          • OneLogin
          • PingIdentity
        • Enable SCIM provisioning
        • Enable SSO
        • Disable SSO
        • Change SSO providers
        • Google OAuth
        • GitHub OAuth
      • API access tokens
      • Multi-factor authentication
      • Domain verification
      • IP allowlist
      • Managing sessions
      • Organization access settings
      • Organization announcements
      • Support options
      • Resetting your password
    • Feature previews
    • Billing and usage
    • Changelog
Sign inTry it free
LogoLogo
On this page
  • Prerequisites
  • Configure SSO for LaunchDarkly with Google Workspace
  • Add LaunchDarkly as a custom SAML application
  • Assign roles, custom roles, and teams with Google Workspace
Your accountAccount securitySingle sign-onConfigure SAML SSO

Google Workspace

Was this page helpful?
Previous

Okta

Next
Built with

This topic explains how to configure Google Workspace to support single sign-on (SSO) in LaunchDarkly.

Google OAuth is different from Google Workspace SSO

The procedures in this topic explain how to configure SSO for Google Workspace. To learn how to configure Google OAuth instead, read Google OAuth.

If a member signs in to LaunchDarkly using Google OAuth, they cannot also sign in to the same account using Google Workspace SSO. Similarly, if you invite a member to join a LaunchDarkly account using Google Workspace SSO, they cannot also sign in using Google OAuth.

Prerequisites

To configure SSO for LaunchDarkly using Google Workspace, you must complete the following prerequisite:

  • Configure SAML for authentication. For more information, read the Google knowledge base.

Use the table below to configure Google fields for LaunchDarkly:

Google fieldLaunchDarkly setting
ACS URLUse LaunchDarkly’s Assertion Consumer Service URL value.
Entity IDUse LaunchDarkly’s Entity ID value.
Start URLUse LaunchDarkly’s Start URL value.
Signed ResponseCheck this box.
Name IDSelect Basic Information and Primary Email.
Name ID FormatSelect EMAIL.
Attribute Mapping

Enter role as the application attribute, and select the custom user attribute that corresponds to the desired role. You will map customRole and teamKey in a later step.

Configure SSO for LaunchDarkly with Google Workspace

Before you create the LaunchDarkly app in Google Workspace, you must create LaunchDarkly-specific fields for roles, custom roles, and teams.

To configure these fields:

  1. Log into Google Workspace.
  2. Navigate to your user directory by clicking Directory and then Users.
  3. Click the Manage user attributes icon. A popup screen appears:

The "Manage user attributes" icon.

The "Manage user attributes" icon.
  1. Select Add Custom Category.
  2. Name the custom category whatever you like. The example below uses LaunchDarkly Attributes.
  3. Add the role, customRole, and teamKey fields:

The "LaunchDarkly Attributes" screen.

The "LaunchDarkly Attributes" screen.
Allow multiple values for custom roles and team keys

Set the Multiple values field for customRole and teamKey to “Yes.” Some account members may have more than one custom role or team, which requires multiple values.

Add LaunchDarkly as a custom SAML application

Next, you must add LaunchDarkly to your Google Workspace apps.

To add LaunchDarkly:

  1. Log into Google Workspace.
  2. Navigate to Apps, then SAML Apps.
  3. Click the plus button to Add an app.
  4. Select Setup my own Custom App to configure LaunchDarkly. The setup workflow initiates.
  5. In step 2 of the workflow, copy the information from the setup workflow. You’ll need to add this into LaunchDarkly’s Security tab under Edit SAML Configuration:

The Google IdP information window.

The Google IdP information window.
  1. In step 3, enter the name of the app.
  2. In step 4 of the workflow, provide the Assertion consumer service URL, entity ID, and start URL for your LaunchDarkly account:

LaunchDarkly's service provider details.

LaunchDarkly's service provider details.

To find them, click Edit your SAML configuration on the LaunchDarkly Security tab:

LaunchDarkly's SAML Configuration panel.

LaunchDarkly's SAML Configuration panel.
  1. In step 5, map the LaunchDarkly attributes firstName and lastName to Google’s “First Name” and “Last Name” basic information fields. Map the LaunchDarkly attributes role, customRole, and teamKey to Google’s “LaunchDarkly Attributes” fields of the same name. These mappings are shown below:

The Attribute Mappings screen.

The Attribute Mappings screen.
Names are case sensitive

In the screenshot above, the names in the left-hand columns map to those present in LaunchDarkly. You must name them exactly as shown, including exact casing (role, customRole, and teamKey), or configuration will fail.

You’ve successfully connected LaunchDarkly to Google Workspace.

Assign roles, custom roles, and teams with Google Workspace

Now that the application is configured, you can assign roles and teams.

To assign roles and teams:

  1. Log into Google Workspace.
  2. Navigate to Directory, then Users.
  3. Click on the Google Workspace user that you want to assign roles to and choose Account to bring up the user’s account settings.
  4. Click Edit beneath “Manage user attributes” to add the user’s roles and teams to the corresponding attribute fields:

The "Update User" screen.

The "Update User" screen.
  1. Click Update User.

The next time this user logs into LaunchDarkly through Google Workspace, their roles and teams will update. If this is a brand new LaunchDarkly account member, an account will be created automatically with the roles and teams you specified.

Removing existing roles and teams

SAML ignores empty role, customRole, and teamKey fields. To clear all existing roles or teams, enter an empty string "" into the field.