Set Up SSO with Google Workspace

Supabase supports single sign-on (SSO) using Google Workspace (formerly known as GSuite).

Step 1: Open the Google Workspace Web and mobile apps console #

Google Workspace: Web and mobile apps admin

Step 2: Choose Add custom SAML app #

From the Add app button in the toolbar choose Add custom SAML app.

Google Workspace: Web and mobile apps admin console, Add custom SAML app

Step 3: Fill out app details #

The information you enter here is for visibility into your Google Workspace. You can choose any values you like. Supabase as a name works well for most use cases. Optionally enter a description.

Google Workspace: Web and mobile apps admin console, Add custom SAML, App
details screen

Step 4: Download IdP metadata #

This is a very important step. Click on DOWNLOAD METADATA and save the file that was downloaded.

Google Workspace: Web and mobile apps admin console, Add custom SAML, Google
Identity Provider details screen

It's very important to send this file to your support contact at Supabase to complete the SSO setup process. If you're not sure where to send this file, you can always reach us at support@supabase.com.

Important: Make sure the certificate as shown on screen has at least 1 year before it expires. Mark down this date in your calendar so you will be reminded that you need to update the certificate without any downtime for your users.

Step 5: Add service provider details #

Fill out these serivce provider details on the next screen.

ACS URLhttps://alt.supabase.io/auth/v1/sso/saml/acs
Entity IDhttps://alt.supabase.io/auth/v1/sso/saml/metadata
Start URLhttps://app.supabase.com
Name IDBasic Information > Primary email

Google Workspace: Web and mobile apps admin console, Add custom SAML,
Service provider details screen

Step 6: Configure Attribute mapping #

Attribute mappings allow Supabase to get information about your Google Workspace users on each login.

A Primary email to email mapping is required to exist. Other mappings shown below are optional and configurable depending on your Google Workspace setup. If in doubt, replicate the same config as shown.

Please share any changes, if any, from this screen with your Supabase support contact.

Google Workspace: Web and mobile apps admin console, Add custom SAML,
Attribute mapping

Step 7: Wait for confirmation #

Once you’ve configured the Google Workspace app as shown above, make sure you send the metadata file you downloaded and information regarding the attribute mapping (if any changes are applicable) to your support contact at Supabase.

This information needs to be entered into Supabase before SSO is activated end-to-end.

Wait for confirmation that this information has successfully been added to Supabase. It usually takes us 1 business day to configure this information for you. Supabase.

Step 8: Configure user access #

You can configure which Google Workspace user accounts will get access to Supabase. This is important if you wish to limit access to your software engineering teams.

You can configure this access by clicking on the User access card (or down-arrow). Follow the instructions on screen.

Changes from this step sometimes take a while to propagate across Google’s systems. Please wait at least 15 minutes before proceeding to the next step.

Google Workspace: Web and mobile apps admin console, Supabase app

Step 9: Test single sign-on #

Once you’ve turned on access to Supabase for users in your organization, ask one of those users to help you out in testing the setup.

It often helps to ask them to log out of their Google account and log back in.

Ask them to enter their email addres in the Sign in with SSO page.

If sign in is not working correctly, please reach out to your support contact at Supabase.