Has anyone managed to make HCP SSO work with Google Workspace as an IDP?
I have been trying for a few hours now and ran out of ideas, so if anyone has a solution or leads, I would be very grateful.
I created a custom SAML app in Google Workspace, which is usually pretty straightforward.
In the service provider details I have:
- ACS URL: https://auth.hashicorp.com/login/callback?connection=HCP-SSO-xxxx-…-samlp
- Entity ID: urn:hashicorp:HCP-SSO-xxxx-…-samlp
- Start URL (optional): empty
- Signed response: unticked (tried both)
- Name ID format: UNSPECIFIED (tried email address)
- Name ID: Basic Information > Primary email
On the HCP side, I configured the IdP parameters and verified the primary domain of my Google Workspace. I don’t know how to implement the last element requested by the HCP SSO wizard:
Paste the “Email Attribute Assertion Name” link into the Attribute Statement as is.
It might be the missing configuration element and I have no idea if/how it can be set with Google Workspace.
When I try to log in via SSO, I get this error in my browser console:
Error while processing route: cloud.index IdP/SSO system did not provide user email address in the expected form (i.e. SAML assertion claim) instrument.ts:124:32
Thanks in advance for your answers!
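
One way to see what the IdP actually sends when this error appears, as an added example that is not part of the original post and is not HashiCorp or Google code: it decodes a base64 `SAMLResponse` and checks whether the assertion carries an attribute with the name the HCP wizard asks for. `EMAIL_ATTRIBUTE_NAME_FROM_HCP_WIZARD`, the function names and both sample responses are constructed placeholders.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Placeholder: use the "Email Attribute Assertion Name" value shown by the HCP SSO wizard.
EXPECTED_EMAIL_ATTR = "EMAIL_ATTRIBUTE_NAME_FROM_HCP_WIZARD"

def summarize_response(b64_response):
    """Return the NameID and {attribute name: [values]} of a base64 SAMLResponse."""
    root = ET.fromstring(base64.b64decode(b64_response))
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no plaintext Assertion (missing or encrypted)")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    attrs = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return {"name_id": name_id.text if name_id is not None else None, "attributes": attrs}

def check_email_claim(summary, expected_name=EXPECTED_EMAIL_ATTR):
    """Report whether the expected email attribute is present and non-empty."""
    values = summary["attributes"].get(expected_name)
    if values is None:
        present = sorted(summary["attributes"]) or ["<no AttributeStatement>"]
        return False, f"attribute {expected_name!r} missing; response carries {present}"
    if not any(values):
        return False, f"attribute {expected_name!r} is present but empty"
    return True, f"attribute {expected_name!r} = {values}"

def _sample(attr_statement=""):
    """Build a constructed, unsigned sample response (not captured from a real IdP)."""
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
           '<saml:Subject><saml:NameID>user@example.com</saml:NameID></saml:Subject>'
           f'{attr_statement}</saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

NAMEID_ONLY = _sample()  # email only in NameID, no attribute mapping
WITH_ATTR = _sample(
    f'<saml:AttributeStatement><saml:Attribute Name="{EXPECTED_EMAIL_ATTR}">'
    '<saml:AttributeValue>user@example.com</saml:AttributeValue>'
    '</saml:Attribute></saml:AttributeStatement>')

if __name__ == "__main__":
    for label, resp in (("NameID only", NAMEID_ONLY), ("with attribute", WITH_ATTR)):
        print(label, "->", check_email_claim(summarize_response(resp)))
```

To inspect a real login, pass the `SAMLResponse` form field that the browser POSTs to the ACS URL. The script only reads the XML and does not validate signatures, so treat its output as diagnostic.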