Google Identity (en)

Preparation

 To use Google Identity, you must have:

• Google Admin account

Raketa provides:

• ACS URL - Assertion Consumer Service URL, which processes the SSO request: https://raketa.travel/sso/acs?clientId=RAKETA_CLIENT_ID. RAKETA_CLIENT_ID - Raketa's client id.
• Entity ID - service provider object identifier: https://raketa.travel/.

After all the necessary settings, you should submit it in Raketa:

1. Certificate (automatically generated, you need to download).
2. SSO URL (automatically generated) - URL of your login page that we will use to redirect users to your identity system.
3. Entity ID (automatically generated) - Google Identity object identifier.

Setting up your own SAML application

1. Sign in to the Google Admin Console (admin.google.com). Use an administrator account.
2. From the admin console's home page, click "Apps" [1].

    3. Select "SAML apps" [2] from the page that opens.

    4. Click the plus sign in the lower right corner [3].

    5. Add your own application by selecting "Set up my own custom app" [4].

    6. The "Google IdP Information" window opens. Fields "SSO URL" (Single Entry System URL) [5] and "Entity ID" [6] will be filled in automatically.
Copy the values of these fields and also download the certificate [7] and transmit it to Raketa.
Proceed to the next step by clicking "Next" [8].

    7. n the "Basic information..." window add the name [9] and a description of the application.
Go on to the next step by clicking "Next" [10].

    8. In the Service Provider Details window, enter information about the service provider for your application. This information is provided by Raketa:
a. ACS URL [11] - Assertion Consumer Service URL that processes the SSO request.
For Raketa: https://raketa.travel/sso/acs?clientId=RAKETA_CLIENT_ID. RAKETA_CLIENT_ID=32310
b. Entity ID [12] - object identifier.
For Raketa: https://raketa.travel/.
c. Signed Response [13] - mark the checkbox because Raketa requires the signature of the entire response when authenticating SAML.
d. Name ID [14] - a field in the Google profile that matches the profile in Raketa. By default, this is your primary email address and multi-digit input is not supported.
e. Name ID Format [15] - way to match profiles.
For Raketa: EMAIL (Raketa only supports email mappings).
Go on to the next step by pressing "Next" [16].

    9. Press "Finish" [17] to complete the adjustment.

Send IdP information to Raketa

Email Raketa Support (sso@raketa.travel) and request that they enable SSO for your account. Include the following identity provider (IdP) information copied earlier:

• Certificate (automatically generated, you need to download).
• SSO URL (automatically generated) - URL of your login page that we will use to redirect users to your identity system.
• Entity ID (automatically generated) - Google Identity object identifier.

Raketa specialists will process your request and provide you with ACS URL and Entity ID values. Use these values to finish configuring SSO in the Admin console.