Configure SSO using SAML from Google Workspace

1. In the Google Workspace Admin console, navigate to SAML apps.

2. Click + to add a new service.

3. Click SETUP MY OWN CUSTOM APP.

4. Download the Certificate. We will use it in a later step.

5. Keep the Google Admin Console open on this page.

6. In a new tab, open the CloudGuard portal and navigate to Settings > Configuration > Security & Authentication.

7. In the SSO section, click Enable.

8. On the CloudGuard SSO Configuration page set the following:

   • Account ID – This can be any text you want.

   • Issuer - Copy the "Entity ID" field from Step 2 of the G Suite page and paste it here.

   • Idp Endpoint URL - Copy the value from the SSO URL field from Step 2 of the G Suite page and paste it here.

   • X.509 certificate - Using a text editor, open the certificate file you downloaded earlier and copy the full contents. Paste it in this field.

   • Just-in-time provisioning for the account – This option allows for CloudGuard users to be created and deleted when a Google Workspace user is created or deleted.

9. Click Save. After the page refreshes, it shows the enabled status.

   Leave this page open.

10. Switch back to Google Workspace Console and click Next.

11. Fill in the details as you like. These are details that users will see.

12. Click Next. Fill in the following fields.

    • ACS URL - Copy this URL from the "Login Page" field of the CloudGuard SSO Single Sign-On (SSO) - A session/user authentication process that permits a user to enter one name and password in order to access multiple applications. configuration. Add: /saml after the /sso (the full URL should look like this:

      

    • Entity ID - This is always https://secure.dome9.com/

    • Name ID Format - Change to EMAIL.

13. Continue to click Next until you are back at the SAML apps page.

14. Click on the newly created CloudGuard SAML app.

15. Click Edit Service.

16. Choose to turn ON/OFF for your organization (or specific groups).

17. Switch back to the CloudGuard portal and navigate to Settings > User & Roles > Users.

18. In the Actions menu bar, select Connect to SSO to enable the user to log in with SSO.

If a user has permissions in Google Workspace and in CloudGuard to use SSO, when logged in to their Workspace account, the user can click the menu in Google and select CloudGuard from the list of apps.