These are the docs for the Metabase master branch. Some features documented here may not yet be available in the latest release. Check out the docs for the latest version, Metabase v0.52.
SAML with Google
Google SAML authentication is only available on Pro and Enterprise plans (both self-hosted and on Metabase Cloud).
- Set up a custom SAML app in your Google admin console.
- As you follow Google’s instructions, you’ll need to:
  - Save information about Google for Metabase.
  - Provide Google info to Metabase.
  - Provide Metabase info to Google.
  - Set up attribute mappings in Google.
See authenticating with SAML for general SAML info.
Saving Google IdP info for Metabase
On the Google Identity Provider details page:
- Download the IdP metadata.
- Copy the SSO URL.
- Download the certificate.
Filling out the Metabase SAML form
- From your Google IdP metadata, locate the issuer.
  - The issuer looks like this: https://accounts.google.com/o/saml2/
- Go to your Metabase SAML form (Admin settings > Authentication > SAML).
- Put the issuer in the Metabase SAML Identity Provider Issuer field.
- Put the SSO URL in the Metabase SAML Identity Provider URL field.
- Paste the certificate in the Metabase SAML Identity Provider Certificate field.
  - Make sure to include any header and footer comments (like ---BEGIN CERTIFICATE---).
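As an added example (not part of the Metabase docs or codebase), the following Python sketch pulls the issuer, SSO URL, and signing certificate out of a downloaded IdP metadata file and formats the certificate with its PEM header and footer, ready to paste into the three Metabase fields above. The function name `metabase_saml_fields` is hypothetical, and the sample metadata, including its `idpid` value and certificate body, is constructed for illustration.

```python
import textwrap
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
CERT_PATH = "md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate"

# Constructed sample: the idpid and certificate body are placeholders, not real values.
SAMPLE_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://accounts.google.com/o/saml2?idpid=EXAMPLE">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data><ds:X509Certificate>
          UExBQ0VIT0xERVIgQ0VSVElGSUNBVEUgQk9EWQ==
        </ds:X509Certificate></ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://accounts.google.com/o/saml2/idp?idpid=EXAMPLE"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def metabase_saml_fields(metadata_xml: str) -> dict:
    """Return the three IdP values the Metabase SAML form asks for."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("not IdP metadata: no IDPSSODescriptor element")
    # Prefer the HTTP-Redirect binding for the browser-facing SSO URL.
    sso = [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)
           if s.get("Binding") == REDIRECT]
    cert = idp.find(CERT_PATH, NS)
    if not sso or cert is None or not (cert.text or "").strip():
        raise ValueError("metadata lacks an SSO URL or a signing certificate")
    body = "".join(cert.text.split())  # drop whitespace inside the base64 body
    pem = ("-----BEGIN CERTIFICATE-----\n"
           + "\n".join(textwrap.wrap(body, 64))
           + "\n-----END CERTIFICATE-----")
    return {"issuer": root.get("entityID"), "idp_url": sso[0], "certificate": pem}
```

Only run this against metadata you downloaded yourself from the Google admin console, since the certificate it yields is what Metabase will trust to verify SAML responses.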
Filling out service provider details
On the Service provider details page:
- Put the Metabase URL the IdP should redirect to in the Google ACS URL field.
- Put the Metabase SAML Application Name in the Google Entity ID field.
  - The SAML Application Name can be anything you like (e.g., “yourcompany-metabase”).
- Start URL and Signed response are optional fields.
Setting up attribute mappings
On the Attribute mappings page, you’ll need to add “First name”, “Last name”, and “Email” as attributes, so that Google can pass them to Metabase during authentication.
For example, to add the attribute “First name”:
- Click Add another mapping.
- Under Google Directory attributes, choose Basic information > First name as the attribute field name.
- Go to your Metabase SAML form, and look for SAML attributes > User’s first name attribute.
  - The attribute looks like this: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
- Paste the User’s first name attribute under your Google App attributes.
- Repeat steps 1-3 for the attributes “Last name” and “Email”.
Troubleshooting SAML issues