Set up Google Workspace (GSuite) SSO
This article shows how to configure Google Workspace (GSuite) as the identity provider for Databricks.
Gather required information
Go to the admin settings page and select the SSO tab.
Look for the Single Sign-On header.
Note if your SSO version is v1.0 or v2.0. The number is displayed to the right of the header.
The instructions below are slightly different based on the SSO version of your workspace. Workspaces on the E2 version of the Databricks platform always use SSO version 2.0.
Copy the Databricks SAML URL field.
If your SSO version is v1.0, copy the Identity Provider Entity ID field.
Do not close this browser tab.
Configure Google Workspace
In a new browser tab, log in to the Google Workspace Admin console.
In the sidebar, select Apps > Web and mobile apps.
On the Web and mobile apps page, select Add App > Add custom SAML app to add a new SAML app.
Enter a name in the App name field and click Continue.
Go to the Service provider detail page.
Set ACS URL to the Databricks SAML URL from Gather required information.
If your SSO version is v1.0, set the Entity ID to the Identity Provider Entity ID from Gather required information.
If your SSO version is v2.0, set the Entity ID to the to the Databricks SAML URL from Gather required information.
Select Signed response.
If your SSO version is v1.0, it is optional to select Signed response.
Set Name ID Format to EMAIL.
On the Google Identity Provider details page, copy the following SAML values under Option 2:
Complete the rest of the SAML app workflow in the Google Workspace Admin console.
Go back to the browser tab for Databricks.
In the admin settings page, click Single Sign On.
Set Single Sign-On URL to the SSO URL from the Google Workspace app.
Set Identity Provider Entity ID to the Entity ID from the Google Workspace app.
Set x.509 Certificate to the certificate from the Google Workspace app, including the markers for the beginning and ending of the certificate.
Click Enable SSO.
Optionally, click Allow auto user creation.
Test the configuration
In an incognito browser window, go to your Databricks workspace.
Click Single Sign On. You are redirected to Google.
Log in to Google. If SSO is configured correctly, you are redirected to Databricks.
If the test fails, review Troubleshooting.