> ## Documentation Index
> Fetch the complete documentation index at: https://bloodhound.specterops.io/llms.txt
> Use this file to discover all available pages before exploring further.

# SAML: Google IDP Configuration

> This document provides instructions for creating an application within Google for compatibility with BloodHound Enterprise.

export const IDPIntro = ({auth_mode}) => {
  const mode = (auth_mode || '').toUpperCase();
  const isOIDC = mode === 'OIDC';
  const href = isOIDC ? '/manage-bloodhound/auth/oidc' : '/manage-bloodhound/auth/saml';
  const label = isOIDC ? 'OIDC' : 'SAML';
  return <Tip>
      See <a href={href}>{label} in BloodHound</a> for order of operations, general {label} setup, and user configuration in BloodHound.
    </Tip>;
};

<img noZoom src="https://mintcdn.com/specterops/tTIczgde9H07oLXf/assets/enterprise-AND-community-edition-pill-tag.svg?fit=max&auto=format&n=tTIczgde9H07oLXf&q=85&s=ad49a576589f4d2a8081df77d07fdf56" alt="Applies to BloodHound Enterprise and CE" width="482" height="45" data-path="assets/enterprise-AND-community-edition-pill-tag.svg" />

<IDPIntro auth_mode="SAML" />

## Create a Google Application

1. On the Admin Console for Google Workspaces, use the left navigation bar and go to Apps -> Web and Mobile Apps

<Frame>
  <img src="https://mintcdn.com/specterops/TwsBcJyEWw_Zwex2/assets/image-2-58.png?fit=max&auto=format&n=TwsBcJyEWw_Zwex2&q=85&s=fbc5bd6ee4db57cedbc909907bdc570a" width="436" height="359" data-path="assets/image-2-58.png" />
</Frame>

2. Select “Add App” -> Add Custom SAML app

<Frame>
  <img src="https://mintcdn.com/specterops/TwsBcJyEWw_Zwex2/assets/image-2-59.png?fit=max&auto=format&n=TwsBcJyEWw_Zwex2&q=85&s=6773aba463d37cbd20ac9416637e493a" width="541" height="331" data-path="assets/image-2-59.png" />
</Frame>

3. Give the app an appropriate name, such as BloodHound Enterprise.

   Optionally, add an icon and description.

<Frame>
  <img src="https://mintcdn.com/specterops/TwsBcJyEWw_Zwex2/assets/image-2-60.png?fit=max&auto=format&n=TwsBcJyEWw_Zwex2&q=85&s=2c9411f531b0009fb30a9830f23c4506" width="624" height="418" data-path="assets/image-2-60.png" />
</Frame>

4. On the next screen, download the metadata file and continue.

5. Enter the ACS URL and Entity ID as provided in the BloodHound Enterprise console:

<Frame>
  <img src="https://mintcdn.com/specterops/TwsBcJyEWw_Zwex2/assets/image-2-61.png?fit=max&auto=format&n=TwsBcJyEWw_Zwex2&q=85&s=f976bda21f915cabe30db889a733b3f5" width="624" height="429" data-path="assets/image-2-61.png" />
</Frame>

6. On the next screen, it is required to send the email attribute to BloodHound.

   BloodHound will accept either of the following values as the “App Attributes”:

   * [http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress](http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress)

   * urn:oid:0.9.2342.19200300.100.1.3

<Frame>
  <img src="https://mintcdn.com/specterops/TwsBcJyEWw_Zwex2/assets/image-2-62.png?fit=max&auto=format&n=TwsBcJyEWw_Zwex2&q=85&s=eb69f55502424e1a68f16bd5b70a9568" width="624" height="375" data-path="assets/image-2-62.png" />
</Frame>

7. Follow the instructions at [SAML in BloodHound Enterprise](/manage-bloodhound/auth/saml) to create the SAML provider in BloodHound Enterprise.