SAML configuration for Google Workspace

This article describes how to configure Google Workspace for SAML authentication and how to configure the Chronicle SOAR platform to support it.

Configure Google Workspace for single sign-on (SSO)

  1. Navigate to the Google Admin Portal.
  2. Select Apps.
  3. Click on Web and mobile apps. Select Add custom SAML app from the drop-down Add App menu.
  4. Enter the name of the new app and upload an app icon. Then click Continue.
  5. In the Google IdP Information screen, click Next.
  6. In the Service Provider Details screen, enter the following information:
    • ACS URL: https://{your_siemplify_server_IP_address}/Saml2/Acs
    • Entity ID: https://{your_siemplify_server_IP_address}/Saml2
    Then click Next.
  7. In the Attribute Mapping screen, click Add New Mapping.
  8. Set the mapping Primary email = email.
  9. Make sure that the Service Status Button is on.
    [Screenshot: example of SAML working]

Configure Google Workspace in Chronicle SOAR

  1. Navigate to Settings > Advanced > External Authentication.
  2. Create a new custom SAML provider.
  3. In the Provider Type menu, select G Suite.
  4. In the Provider Name field, enter any name you want. For example, mycompany_workspace.
  5. Return to the Google Workspace app that you created and select Download Metadata.
  6. In the dialog that opens, click Download Metadata and save the information.
  7. In the Chronicle SOAR platform, in the IdP Metadata field, click Upload to upload the metadata you just downloaded.
  8. Return to the Google Workspace app, expand Service provider details and click Manage Certificates.
  9. In the SAML Certificates dialog that appears, under the Google Identity Provider Details heading, locate the Entity ID field and copy its contents. Make sure you do not copy the contents of the Entity ID field on the main Service provider details page by mistake.
  10. In the Chronicle SOAR platform, paste the contents into the Identifier field.
  11. Return to the Google Workspace app, and expand Service provider details. Locate the ACS URL field and copy its contents.
  12. In the Chronicle SOAR platform, paste the contents into the ACS URL field.
    Note: The next few steps, which cover the certificate, are optional. You can configure Google Workspace as a SAML provider without using a certificate.
  13. Return to the Google Workspace app, expand Service provider details and click Manage Certificates.
  14. Select the required certificate and download it.
  15. In the Chronicle SOAR platform, paste the contents of the downloaded certificate into the Provider Public Certificate field.
  16. Click Save.
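
A pre-flight check for the values entered in steps 9 to 12, as an added example that is not part of the original article or of Chronicle SOAR: it reads the downloaded IdP metadata and flags an Identifier that is not the IdP Entity ID (the mix-up step 9 warns about) or an ACS URL that does not follow the /Saml2/Acs pattern shown earlier. The metadata, idpid, certificate bytes and the soar.example.com host are constructed placeholders, and the function names are hypothetical.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def parse_idp_metadata(xml_text):
    """Return the IdP entity ID, SSO URLs and SHA-256 of each embedded certificate."""
    root = ET.fromstring(xml_text)
    certs = [base64.b64decode("".join(c.text.split()))
             for c in root.findall(".//ds:X509Certificate", NS)]
    return {"entity_id": root.get("entityID"),
            "sso_urls": [s.get("Location")
                         for s in root.findall(".//md:SingleSignOnService", NS)],
            "cert_sha256": [hashlib.sha256(der).hexdigest() for der in certs]}

def check_soar_settings(meta, identifier, acs_url, sp_entity_id):
    """Compare the values typed into the SOAR form with the metadata; list mismatches."""
    problems = []
    if identifier != meta["entity_id"]:
        problems.append("Identifier is not the IdP Entity ID from the metadata")
    if identifier == sp_entity_id:
        problems.append("Identifier holds the Service Provider Entity ID")
    if not (acs_url.startswith("https://") and acs_url.endswith("/Saml2/Acs")):
        problems.append("ACS URL is not https://<server>/Saml2/Acs")
    elif acs_url[:-len("/Acs")] != sp_entity_id:
        problems.append("ACS URL and SP Entity ID do not match")
    if not meta["cert_sha256"]:
        problems.append("metadata carries no certificate")
    return problems

# Constructed sample: placeholder idpid and placeholder bytes, not a real certificate.
FAKE_CERT = base64.b64encode(b"constructed placeholder, not a certificate").decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://accounts.google.com/o/saml2?idpid=C0example">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>{FAKE_CERT}</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
      Location="https://accounts.google.com/o/saml2/idp?idpid=C0example"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    meta = parse_idp_metadata(SAMPLE_METADATA)
    print(meta["entity_id"], meta["cert_sha256"])
    print(check_soar_settings(meta, "https://soar.example.com/Saml2",  # the step 9 mistake
          "https://soar.example.com/Saml2/Acs", "https://soar.example.com/Saml2"))
```

The SHA-256 values are computed over the decoded certificate bytes, so they can be compared with the fingerprint of the certificate downloaded from Manage Certificates.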