Authenticate users using SSO (SOAR only)

This document describes how to configure a SAML provider.

There are several different ways to authenticate users in the Google SecOps SOAR platform after you configure the SAML provider. Use the following procedure to authenticate users:

  1. Go to SOAR Settings > Advanced > External Authentication.
  2. Click Add in the Provider screen.
  3. In the Provider Type field, select the required SAML provider. For example, Okta or Google Workspace.
  4. In the Provider Name field, enter the name of the instance. For example, Okta Customer name.
  5. For Configuration settings, fill out the fields as detailed in the following table:

    | Field | Description |
    |---|---|
    | Provider name | Add the name of the provider. |
    | IDP Metadata | The IDP Metadata is SAML metadata and is used to share configuration information between the Identity Provider (IdP) and the Service Provider (SP). If you use a certificate, set WantAuthnRequestsSigned="true" in the XML. If you're not using a certificate, set it to false. |
    | Identifier | The service provider identifier in the SAML provider. This field has different names in different service providers. For example, it is called Entity ID in Google Workspace. |
    | ACS URL | Google Security Operations SOAR server name. Can be an IP URL, Host Name URL, or Local Host URL. To sign in with SAML, you need to connect to the platform with the same URL pattern configured in this field. The URL must contain the IP address of the Google Security Operations SOAR server, followed by /saml2. |
    | Unsolicited Response | Also known as IdP-Initiated response, this field lets SAML users enter the Google Security Operations SOAR platform directly from their SAML IdP application. For example, if your company uses Okta, you can configure it so that users can enter Google Security Operations SOAR through the Okta application. Note: You can only use Unsolicited Response when there's one SAML provider configured in the platform. |
    | Auto-redirect | With auto-redirect enabled, users who aren't logged in are automatically redirected to the IdP to log in. To force a user to sign in to the platform directly while auto-redirect is enabled, add autoExternalLogin=false to the URL; for example, https://example.com/#/login?autoExternalLogin=false. Note: You can only use this option when there's one provider configured. |

  6. Click Test to verify that the configuration works.
  7. Click Save.
  8. Select one of the user creation types as needed:
    • Manual: Add users individually in the User Management window. For information on how to add users, see Add users to the platform.
    • Just in Time: Automatically create the user (at login) in Google SecOps. When you select this option, an advanced tab opens with more parameters. For more information, see Just in Time Provisioning.
    • IdP Group Mapping: Create the user automatically in Google SecOps based on the IdP group assignment. When you select this option, an advanced tab opens with more parameters. For more information on IdP group mapping, see IdP group mapping (SOAR only).
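
A pre-flight check for the IDP Metadata and ACS URL fields from step 5, added here as an example (it is not Google's code): it confirms that WantAuthnRequestsSigned matches whether you use a certificate, that the ACS URL ends in /saml2, and that users sign in through the same URL. The function names, the `uses_certificate` flag, the sample metadata, and reading "same URL pattern" as "same scheme and host" are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"  # SAML 2.0 metadata namespace

# Constructed sample metadata (not from a real IdP).
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.com/metadata">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</md:EntityDescriptor>"""

def check_idp_metadata(xml_text, uses_certificate):
    """Return findings for the IDP Metadata field; an empty list means it is consistent."""
    # Metadata is untrusted input: reject DTDs and entities before parsing.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["metadata declares a DTD or entity; refusing to parse it"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"metadata is not well-formed XML: {exc}"]
    tag = f"{{{MD_NS}}}IDPSSODescriptor"
    idp = root if root.tag == tag else root.find(f".//{tag}")
    if idp is None:
        return ["no IDPSSODescriptor element in metadata"]
    want = idp.get("WantAuthnRequestsSigned")  # None when the attribute is missing
    expected = "true" if uses_certificate else "false"
    if want != expected:
        return [f"WantAuthnRequestsSigned is {want!r}, expected {expected!r}"]
    return []

def check_acs_url(acs_url, login_url):
    """Return findings for the ACS URL field and the URL users sign in with."""
    acs, login = urlsplit(acs_url), urlsplit(login_url)
    findings = []
    if not acs.hostname:
        findings.append("ACS URL has no server address")
    if not acs.path.rstrip("/").endswith("/saml2"):
        findings.append("ACS URL does not end with /saml2")
    # Assumption: "same URL pattern" means the same scheme and host (including port).
    if (acs.scheme, acs.netloc.lower()) != (login.scheme, login.netloc.lower()):
        findings.append("login URL does not use the same scheme and host as the ACS URL")
    return findings

if __name__ == "__main__":
    print(check_idp_metadata(SAMPLE_METADATA, uses_certificate=True))
    print(check_acs_url("https://192.0.2.10/saml2", "https://soar.example.com/#/login"))
```

Run it against the metadata file before pasting it into the IDP Metadata field; an empty list from both functions means the values agree with the table.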