Introduction

At CloudCannon, we use Google Workspace (formerly G Suite) to manage our emails and calendars, as well as collaborate and share files through services like Google Drive. When new team members join, they receive access to our internal documentation and staging websites, hosted through CloudCannon.

These sites are secured with SAML authentication through Google, ensuring only authorized CloudCannon members can access them. When someone on our team leaves (😭), disabling their Google Workspace account automatically revokes their access to the internal websites.

You can use the same setup for your Site!

What is SAML authentication?#

SAML authentication is an excellent way to limit access to your website content to members of your team. SAML (or Security Assertion Markup Language) authentication requires visitors to your Site to log in with a third-party Single Sign-On (SSO) account.

SAML authentication works by allowing CloudCannon to authenticate a user's identity with an Identity Provider software (in this case, Google Workspace) when they try to log in to your website.

Here are some terms you will need to know:

• User — The person who wants to access the content on your website.
• Identity Provider — The cloud software that will authenticate the user’s identity, in this case Google Workspace. Users must already have a login for this software.
• Service Provider — The cloud application a user wants to log in to, in this case your CloudCannon-hosted website.

To configure SAML authentication for your Site, you will need to generate a certificate through Google Workspace.

In this guide, we'll teach you how to create a SAML App in Google Admin Console and configure SAML authentication for a Site hosted through CloudCannon. As a bonus, we'll also teach you how to create authenticated routes if you want some parts of your website to remain publicly available while others require authentication.

This guide assumes you already have a Site hosted on CloudCannon.