Example: Setting up custom mapping for Google Workspace

The following shows how to use custom mapping to map roles for a Google Workspace custom SAML connection.

For additional details and guidance, see the Google documentation, Manage Custom User Fields.

To use the API, either log in to your Google Workspace admin area and from there execute the commands that follow , or for flexibility and automation, use the API with your preferred API client or script. To generate API credentials, refer to the Google documentation, Create access credentials.

Add a user schema

Use the schema endpoint to add a schema that can be tied to the users. An example schema follows. This schema makes it possible to expose the desired custom role mapping in the SAML payload for the user.

{
   "fields":
   [
     {
       "fieldName": "roles",
       "fieldType": "STRING",
       "readAccessType": "ADMINS_AND_SELF",
       "multiValued": true,
       "displayName": "roles"
     }
   ],
   "schemaName": "Snyk-SSO"
 }

Modify user profiles

Attach the desired roles to the user profile with the user API endpoint. An example payload follows for reference.

{
 "customSchemas": {
   "Snyk-SSO": {
     "roles": [
       {
         "value": "snyk:org:org1:org_admin"
       },
       {
         "value": "snyk:org:org2:org_admin"
       }
     ]
   }
 }
}

Modify SAML attributes

To expose these roles in the SAML payload, you must modify the attributes in the SAML attribute mapping:

1. Log in to your Google Workspace Admin area and go to Apps and then Web and mobile apps and open your application.
2. Click on SAML attribute mapping and then ADD MAPPING.

3. Click Select field and scroll to the bottom until you find Snyk-SSO - roles and select it.

4. In the App attributes value field, enter roles and click Save.

After this, log in as a user and have your Snyk contact validate the SAML payload and finalize the setup in the Snyk backend.