Skip to main content

Overview

AirMDR supports SAML 2.0 Single Sign-On (SSO) with Google Workspace so your users can authenticate to AirMDR using their Google identities. This centralizes access control, reduces password sprawl, and enables security controls such as MFA and conditional access policies managed in Google Admin.

Pre-requisites

  • Google Workspace Super Admin access to Google Admin Console.
  • AirMDR Super Admin access.
  • Decide which users/OUs should be enabled for this SSO app.

SSO Set-up & Configuration

1

Create a Custom SAML app in Google

  1. Go to Google Admin.
  2. Sign in with an admin account.
  3. In the left-hand navigation pane, select Apps → Web and mobile apps. Google SSO1 Png Pn
  4. Add Custom SAML app
    1. Click Add app → Add custom SAML app Google SSO2 Pn
    2. Provide a name to the application Example: app_airmdr_com (logo optional)
    3. Click Continue. Google SSO3 Pn
  5. Collect IdP details
    Copy and securely save the Identity Provider (IdP) details, you’ll paste these into AirMDR later
    • From the Google IdP Information screen, save the following:
      • SSO URL (IdP SSO URL)
        https://accounts.google.com/o/saml2/idp?idpid=<code>
      • Entity ID (Issuer)
        https://accounts.google.com/o/saml2?idpid=<code>
      • Certificate (download the X.509 certificate).
        If the downloaded Google certificate has a file extension of .cert.
        Users must ensure the file extension is changed to .crt before uploading in to the AirMDR.        For example: Google.crt
        Google SSO4 Pn
  6. Service Provider (SP) details for AirMDR
    • Enter the following exact values when prompted:
      • ACS URL: https://app.airmdr.com/airmdrapi/sso/acs
      • Entity ID (SP): https://app.airmdr.com/airmdrapi
    • Click ContinueFinish. Google SSO5 Pn
  7. Turn the app ON for users
    • In the apps list, click the SAML app you just created (e.g., app_airmdr_com) to open its settings page.
    • Enable user access
      1. In the app’s overview page, locate User access Google SSO6 Pn
      2. Click the (dropdown) next to User access, switch it ON for everyone
      3. Click SAVE (mandatory to save the changes made). Google SSO7 Pn
2

Configure SSO in AirMDR

  1. Sign in to AirMDR with your credentials.
  2. Open your organization
    • Admin → Organizations List → click your Org Name. Google SSO13 Pn
  3. Edit SSO settings
    1. In SSO Settings, click Edit. Google SSO9 Pn
    2. Choose Yes, New Config. Google SSO10 Pn
  4. Complete the fields (paste values collected in the Google IdP Information screen)
    • Identity Provider: Custom
    • Certificate: Upload the X.509 certificate downloaded from Google
    • SSO endpoint (IdP SSO URL): https://accounts.google.com/o/saml2/idp?idpid=<code>
    • Use Issuer ID: Yes
    • Issuer ID (IdP Entity ID): https://accounts.google.com/o/saml2?idpid=<code>
  5. Click Submit. Google SSO15 Pn

Field mapping (quick reference)

WhereField labelValue
Google → IdP infoSSO URLhttps://accounts.google.com/o/saml2/idp?idpid=<code>
Google → IdP infoEntity ID (Issuer)https://accounts.google.com/o/saml2?idpid=<code>
Google → IdP infoCertificateDownload X.509 certificate
Google → SP detailsACS URLhttps://app.airmdr.com/airmdrapi/sso/acs
Google → SP detailsSP Entity IDhttps://app.airmdr.com/airmdrapi
AirMDR → SSO SettingsIdentity ProviderCustom
AirMDR → SSO SettingsSSO endpointPaste SSO URL from Google
AirMDR → SSO SettingsUse Issuer IDYes
AirMDR → SSO SettingsIssuer IDPaste Entity ID (Issuer) from Google
AirMDR → SSO SettingsCertificateUpload the Google X.509 certificate

Validation

  • In Google Admin, ensure User access = ON for the target OU/group.
  • In AirMDR, after Submit, log out and initiate login via Sign in with SSO (or use your org-specific SSO link if provided).
  • If sign-in fails, double-check:
    • Typos in SSO endpoint and Issuer ID (must match Google exactly).
    • Certificate uploaded is the current Google IdP certificate.
Hurray! You are Logged in Successfully