This guide is applicable to Dagster Cloud.
In this guide, you'll configure Google Workspace to use single sign-on (SSO) with your Dagster Cloud organization.
To complete the steps in this guide, you'll need:
Navigate to your Google Admin Console: https://admin.google.com
Using the sidebar, navigate to Apps > Web and mobile apps:
On the Web and mobile apps page, click Add App > Add custom SAML app:
This opens a new page for adding app details.
On the App details page:
Fill in the App name field.
Fill in the Description field.
The page should look similar to the following:
On the Google Identity Provider details page, click Continue. No action is required for this page.
On the Service provider details page:
In the ACS URL and Entity ID fields:
Copy and paste the following URL, replacing
<organization_name> with your Dagster Cloud organization name:
Check the Signed Response box.
The page should look similar to the image below. In this example, the organization's name is
hooli and the Dagster Cloud domain is
When finished, click Continue.
On the Attributes page:
Click Add mapping to add and configure the following attributes:
The page should look like the following image:
Next, you'll save and upload the application's SAML metadata to Dagster Cloud. This will enable single sign-on.
In your Google Workspace, open the Dagster Cloud application you added in Step 2.
Click Download metadata:
In the modal that displays, click Download metadata to start the download. Save the file to your computer.
After you've downloaded the SAML metadata file, upload it to Dagster Cloud using the
dagster-cloud organization settings saml upload-identity-provider-metadata <the_path/to/metadata> \ --api-token=<user_token> \ --url https://<your_organization_name>.dagster.cloud
In this step, you'll assign users in your Google Workspace to the Dagster Cloud application. This allows members of the workspace to log in to Dagster Cloud using their credentials when the single sign-on flow is initiated.
In the Google Workspace Dagster Cloud application, click User access.
Select an organizational unit.
Click ON for everyone.
Lastly, you'll test your SSO configuration:
Navigate to your Dagster Cloud sign in page at
Click the Sign in with SSO button.
Initiate the login flow and address issues that arise, if any.
In the Google Workspace portal, click on the Dagster Cloud icon. If successful, you'll be automatically signed into your Dagster Cloud organization.