SAML SSO with Google Workspace

I’m trying to set up FireZone with Google Workspace SSO using SAML, but I’m having difficulties doing so. I’ve generated the key and cert files and added the IdP metadata to the provider in the Security tab. I can’t seem to find what my ACS URL and Entity ID are supposed to be. I’ve tried with vpn.domain.com/auth/saml/auth/google/callback for the ACS URL and urn:firezone.dev:firezone-app for the Entity ID, but this doesn’t seem to work. After going through Google authentication the callback address returns Forbidden. I’ve checked the documentation and some code, but I can’t seem to find the solution on my own.
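An added sanity check (not part of this thread or of Firezone) for the situation described above: it takes the SAML Response the IdP posts back and reports which of Destination, Recipient and Audience disagree with the SP's configured ACS URL and Entity ID. The two SP values are the ones tried in the post; the https scheme and the sample response are assumptions.

```python
"""Check that a SAML Response lines up with the ACS URL and Entity ID
configured on the SP. A mismatch in Destination, Recipient or Audience makes
a properly signed assertion unusable and is one common reason a callback
endpoint rejects the login."""
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Values tried in the post above; the https scheme is an assumption.
SP_ENTITY_ID = "urn:firezone.dev:firezone-app"
ACS_URL = "https://vpn.domain.com/auth/saml/auth/google/callback"


def response_mismatches(response_xml, acs_url=ACS_URL, entity_id=SP_ENTITY_ID):
    """Return the fields of the Response that disagree with the SP config.
    Signature and validity-window checks are separate concerns."""
    root = ET.fromstring(response_xml)
    problems = []
    dest = root.get("Destination")
    if dest != acs_url:
        problems.append(f"Destination {dest!r} != ACS URL {acs_url!r}")
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    recipient = scd.get("Recipient") if scd is not None else None
    if recipient != acs_url:
        problems.append(f"Recipient {recipient!r} != ACS URL {acs_url!r}")
    aud = root.find(".//saml:Audience", NS)
    audience = aud.text.strip() if aud is not None and aud.text else None
    if audience != entity_id:
        problems.append(f"Audience {audience!r} != Entity ID {entity_id!r}")
    return problems


# Constructed, unsigned and trimmed Response, as an IdP might issue it when
# the ACS URL was entered without a scheme and the Entity ID was mistyped.
SAMPLE_RESPONSE = """<samlp:Response
  xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  Destination="vpn.domain.com/auth/saml/auth/google/callback">
  <saml:Assertion><saml:Subject><saml:SubjectConfirmation>
    <saml:SubjectConfirmationData
      Recipient="https://vpn.domain.com/auth/saml/auth/google/callback"/>
  </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>urn:firezone.dev:firezone</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions></saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    for problem in response_mismatches(SAMPLE_RESPONSE):
        print(problem)
```

Run it against a Response captured with the browser's developer tools (the base64-decoded SAMLResponse form field) to see which configured value the IdP disagrees with.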

Hey @DinqBomba – thanks for the report. In general we recommend using OIDC over SAML whenever possible, as it’s more standardized, simpler, and easier to debug. That said, we’re still testing SAML integration with various providers, so I’ve added it to our backlog to investigate further.

This may help: SAML Identity Provider (IdP) XML Metadata Builder | SAMLTool.com

Thanks for the reply @jamil. I ended up using OIDC after all and had no problems getting that to work.