Integration with Google Workspace

If your company uses Google Workspace for identity management, the integration with NVIDIA can be based on SAML.

../../_images/ovc_google_workspace_overview.png

Using the SAML terminology, the NVIDIA identity federation system is the Service Provider (SP) while your Google Workspace is the Identity Provider (IdP).

App Registration

On your Google Workspace admin console, go to Apps > Web and mobile apps and then select the option to add a custom SAML application.

../../_images/ovc_google_app_regisration_1.jpg

Select a name and enter a description for the application. Example:

../../_images/ovc_google_app_regisration_2.jpg

Download the IdP metadata file:

../../_images/ovc_google_app_regisration_3.jpg

Enter the Assertion Consumer Service (ACS) URL and the Entity ID of the NVIDIA identity federation system:

../../_images/ovc_google_app_regisration_4.jpg

Leave all other settings unmodified.

The NVIDIA identity federation system uses the following identifiers and URLs:

| NVIDIA environment | Entity ID | Assertion Consumer Service URL |
| --- | --- | --- |
| Production | https://login.nvidia.com | https://login.nvidia.com/saml2/redirect |
| Pre-integration tests | https://stg.login.nvidia.com | https://stg.login.nvidia.com/saml2/redirect |

Please use the values for the production environment unless you have been instructed otherwise.

SAML Attribute Mapping

Specify the attribute mappings that will be used for the primary email and for the group memberships. We recommend you use the attributes Email and Groups, respectively.

../../_images/ovc_google_saml_attribute_mapping.jpg

Sharing the group memberships with NVIDIA is useful because it allows you to indicate to certain NVIDIA services what authorizations/privileges/roles each of your users should have.

You can add groups to, or remove groups from, the list that you share with NVIDIA at any time.
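The following is an added example, not part of NVIDIA's documentation: a pre-flight check that a SAML response from a test login carries the Entity ID, ACS URL and attribute names described in the App Registration and SAML Attribute Mapping sections. It assumes you have captured and base64-decoded a response from your own IdP; the sample response, user and group values are constructed, and the check inspects field values only (it does not verify the signature).

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Production values from the table on this page.
SP_ENTITY_ID = "https://login.nvidia.com"
SP_ACS_URL = "https://login.nvidia.com/saml2/redirect"

# Constructed sample: a trimmed, already decoded SAML response.
# The user and group values are made up for illustration.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject><saml:SubjectConfirmation>
      <saml:SubjectConfirmationData Recipient="https://login.nvidia.com/saml2/redirect"/>
    </saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>https://login.nvidia.com</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="Email"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="Groups"><saml:AttributeValue>engineering</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def check_response(xml_text, entity_id=SP_ENTITY_ID, acs_url=SP_ACS_URL,
                   email_attr="Email", groups_attr="Groups"):
    """Return a list of configuration problems; an empty list means none found."""
    root = ET.fromstring(xml_text)
    problems = []
    recipients = {e.get("Recipient") for e in root.iterfind(".//saml:SubjectConfirmationData", NS)}
    if acs_url not in recipients:
        problems.append(f"Recipient is not the ACS URL {acs_url}")
    audiences = {(e.text or "").strip() for e in root.iterfind(".//saml:Audience", NS)}
    if entity_id not in audiences:
        problems.append(f"Audience is not the Entity ID {entity_id}")
    # An attribute counts as present only if it has at least one non-empty value.
    present = {a.get("Name") for a in root.iterfind(".//saml:Attribute", NS)
               if any((v.text or "").strip()
                      for v in a.iterfind("saml:AttributeValue", NS))}
    for name in (email_attr, groups_attr):
        if name not in present:
            problems.append(f"no non-empty '{name}' attribute")
    return problems


if __name__ == "__main__":
    print(check_response(SAMPLE_RESPONSE) or "no problems found")
```

If you chose attribute names other than Email and Groups, pass them as `email_attr` and `groups_attr`.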

Configure User Access

By default, Google Workspace creates the new SAML application without any user allowed to access it:

../../_images/ovc_google_configure_user_access_1.jpg

Select the application you have registered for NVIDIA, and go to the user access panel:

../../_images/ovc_google_configure_user_access_2.jpg

Select who should have access – e.g. your entire organization – and then save the change.

Information to be Provided to NVIDIA

The following table specifies the information that NVIDIA needs to set up the integration.

| Info | Comments |
| --- | --- |
| IdP metadata file | Refer to the Integration with Google Workspace > App Registration section for more details. |
| List of email domains in use at your company | NVIDIA will direct all the users with those email domains to log in with your identity management system. Refer to Integration via OpenID Connect > Email Domains for more details. |
| Attribute names used for the primary email and group memberships | Refer to the SAML Attribute Mapping section for more details. This is necessary only if the chosen attribute names are different from Email and Groups. |