Appian & Google SAML Setup

Hey michelg - the SAML authentication certificate needs to be generated by you, it is not Google's IdP certificate. Google documents using OpenSSL here. We also have a Knowledge Base article KB-1108 that outlines options. From Google itself, you will only need the IdP metadata which needs to be uploaded into Appian. You will have to upload your SP metadata into Google. For more information, see the documentation.

Jussi Lundstedt

Why does Appian need  a cert with the private key as a mandatory requirement? If the cert is only used by Appian for SAML assertion then it should accept cert signed by SSO provider without the private key.

Ankur V Appian uses the private key to decrypt the SAML response from IDP to assert the user is valid. 

The certificate uploaded into Appian is used for signing SAML requests from Appian that are sent to the IdP. It represents to the IdP that the request genuinely came from Appian and not some other party. Without a private key known to Appian, this cannot be done. That being said, it is true that SAML requests do not technically have to be signed according to the specification, Appian requires this for an added layer of security.

The IdP's public key is contained in the IdP metadata that is uploaded into the Admin Console separately from the certificate.

Thanks, is there any document that we can refer to  for this explanation? The SAML document does not specify this.

Hi Jussi, I've the same issue AWS SSO as authentication provider. AWS does not allow / provide the option to import / upload SAML signing certificate that we generated for Appian. Is there any workaround available to resolve this? Thanks.

Hi Jussi, I've the same issue AWS SSO as authentication provider. AWS does not allow / provide the option to import / upload SAML signing certificate that we generated for Appian. Is there any workaround available to resolve this? Thanks.