SAML SSO with Google Workspace

This article will walk through the steps to configure SSO using SAML with Google in Infosec Accounts.

Note: An active SSO configuration in Infosec Accounts does not necessarily mean that this authentication method will be active for everyone in Infosec IQ. To learn how these two relate to each other, see our other article Authentication in Infosec IQ.


Initiating your application in Infosec Accounts

  1. Navigate to Infosec Accounts and click on Organization in the top right corner of the page.
  2. In the Single sign-on section, select Setup.
  3. Do not adjust any of the settings and click Save at the bottom of this menu. This will expose the SP Assertion Consumer Service URL and SP Entity ID URLs for your organization. You will need these URLs to perform the configuration steps below.

Building a SAML application in Google

  1. Log in to the Google Admin Portal
  2. Expand Apps on the navigation menu, and select Web and mobile apps
  3. Select Add app at the top of the page, and select Add custom SAML app
  4. Enter a name for the application (e.g., Infosec IQ) and, if you'd like, a description and app icon. Click Continue at the bottom of the screen.
  5. Click Download Metadata and remember where you save it. Click Continue at the bottom of the page.
  6. There are a handful of fields to fill out on this page.
    • ACS URL: Enter the SP Assertion Consumer Service URL you retrieved from Infosec Accounts.
    • Entity ID: Enter the SP Entity ID you retrieved from Infosec Accounts.
    • Start URL: Leave this field blank.
    • Signed response: Leave this option UNchecked.
    • Name ID format: Select EMAIL from the dropdown.
    • Name ID: Leave this as is: “Basic Information > Primary Email”.
  7. Click Continue at the bottom of the page.
  8. On this page, click Add Mapping. Select Primary email under ‘Google Directory attributes’ and type email under ‘App attributes’. Click Finish at the bottom of the page.


Completing setup in Infosec Accounts

  1. Navigate back to Infosec Accounts and click on Organization in the top right corner of the page.
  2. In the Single sign-on section, where you had retrieved the links in the first section, click Actions then Edit.
  3. (Optional) If you’d like to allow IDP initiated SSO, turn on the Allow IDP initiated SSO? button. Leaving the Default redirect field blank will automatically populate the correct link once saved.
  4. Under the section labeled IdP metadata, select XML and click the button at the bottom of this section that says Upload XML file. Navigate to and select the XML file you saved while setting up the app in Google.
  5. Click the Save button at the bottom of this section.


Testing and enabling in Infosec Accounts

  1. If you’re following from the steps above, you should already be on the correct page. If not, navigate back to Infosec Accounts and click on Organization in the top right corner of the page.
  2. Your app should now be ready to test. Click the Actions button on your inactive configuration. Click Test. This will attempt to authenticate using your Google SAML application and return detailed results.
  3. If you run into trouble, review your configuration and this article to make sure everything looks as it should. If you’re still running into trouble, open a ticket with our support team to get help solving the problem.
  4. If everything is working okay, click Actions then Edit on your inactive configuration.
  5. Under the Status section, click the radio button next to Activate this config.

Your SAML configuration is now active.
