Skip to main content

Configure Google Cloud Run for SAML SSO

Enterprise

This page outlines the steps to configure Appsmith installation on Google Cloud Run for using Security Assertion Markup Language (SAML) Single Sign-On (SSO).

Prerequisites

Assign roles to account

  1. Go to the IAM & Admin page in the Google Cloud console.

  2. Grant the Cloud SQL Admin and the Cloud SQL Client roles to the member for the project.

  3. Click Save.

Assign roles to account
Assign roles to account

Create PostgreSQL instance

  1. In the Google Cloud console, go to the Cloud SQL Instances page.

  2. Click Create instance.

  3. On the Choose your database engine panel of the Create an instance page, click Choose PostgreSQL.

  4. In the Instance ID field of the Instance info pane, enter an ID for your instance. Eg: postgres.

  5. In the Password field, enter a password for the postgres user.

  6. Select PostgreSQL 12 in the Database version dropdown list.

  7. Select Enterprise in the Choose a Cloud SQL edition panel.

  8. In the Choose region and zonal availability section:

    • In the Region dropdown list, select the region for your instance.
    • Select Single zone under Zonal availability.

  9. In the Customize your instance section, click SHOW CONFIGURATION OPTIONS to display the groups of settings.

  10. Under the Storage section:

    • Select HDD under Storage type.
    • Select 10 GB under Storage capacity.

  11. Under the Connections section, select the Public IP checkbox.

  12. Under the Data protection section, deselect the Automate daily backups and Enable deletion protection checkboxes.

  13. Under the Maintenance section:

    • Select Any window in the Maintenance window dropdown list.
    • Select Any in the Order of update dropdown list.

  14. Click Create Instance.

Create database

  1. In the Google Cloud console, go to the Cloud SQL Instances page.

  2. To open the Overview page of an instance, click the instance name.

  3. Select Databases from the SQL navigation menu.

  4. Click Create database.

  5. In the New database dialog, specify the name of the database.

  6. Click Create.

Create users

  1. In the Google Cloud console, go to the Cloud SQL Instances page.

  2. To open the Overview page of an instance, click the instance name.

  3. Select Users from the SQL navigation menu.

  4. Click Add user account.

  5. In the Add a user account to instance instance_name page, select Built-in authentication (the default) and add a User name and Password.

  6. Click Add.

Edit and deploy new revision

  1. Go to your cloud run console.

  2. Select your Appsmith Service, and click EDIT & DEPLOY NEW REVISION.

  3. Under Environment variables:

    • Click Add Variable button to add each variable in the Name and Value text boxes as shown below:
    NameValue
    APPSMITH_KEYCLOAK_DB_URLjdbc:postgresql:///<DATABASE_NAME>?cloudSqlInstance=<INSTANCE_CONNECTION_NAME>&socketFactory=com.google.cloud.sql.postgres.SocketFactory&user=<POSTGRESQL_USER_NAME>&password=<POSTGRESQL_USER_PASSWORD>
    APPSMITH_KEYCLOAK_DB_USERNAMEappsmith
    APPSMITH_KEYCLOAK_DB_PASSWORDappsmith
    APPSMITH_KEYCLOAK_DB_DRIVERpostgresql
    KC_TRANSACTION_XA_ENABLEDfalse
    • Remove the APPSMITH_DISABLE_EMBEDDED_KEYCLOAK environment variable by clicking the delete icon next to the environment variable value.

  4. Scroll down to Cloud SQL connections section.

  5. Click Add connection.

  6. Select the desired Cloud SQL instance from the dropdown list.

  7. Click the Security tab. In the Service account dropdown list, select the account where you granted the Cloud SQL Admin and the Cloud SQL Client roles in the Assign roles to account section.

URL of Appsmith deployed on Cloud Run
URL of Appsmith deployed on Cloud Run
  1. Click Deploy button. A green check mark will appear next to the newly deployed service name when it's ready.
  2. Verify that the new revision is working as expected by accessing Appsmith, and logging into your account.

Troubleshooting

If you face issues, contact the support team using the chat widget at the bottom right of this page.

Further reading