Google Applications with SAML 2.0

Prerequisites

• Administrator access to the Harmony SASE Administrator Portal.

• Administrator account with the Identity Provider Management Portal.

Step 1 - Configuring the Application in the Google Admin Console

1. Log in to the Google Admin Console with a administrator account.

2. Go to Apps.

   

3. Click Add App and select Add custom SAML app.

   

4. In the Application Name field, enter a name for the application.

   

5. (Optional) In the Description field, enter a description about the application.

6. (Optional) To add a logo to the application, click Upload Logo and select the file.

7. Click Next.

8. Copy the SSO URL.

   

9. Copy the certificate or click the download icon to download it.

10. Click Next.

11. In the Service provider details section:

    

    • ACS URL : Enter https://auth.perimeter81.com/login/callback?connection={{WORKSPACE}}-oc where {{WORKSPACE}} refers to your Harmony SASE workspace name.

    • Entity ID : Enter urn:auth0:perimeter81:{{WORKSPACE}}-oc where {{WORKSPACE}} refers to your Harmony SASE workspace name.

    • Name ID: Select Basic Information > Primary Email

    • Name ID Format: Select UNSPECIFIED

12. Click Add mapping and enter these attribute / value pairs in separate rows:

    Attribute	value
    Basic Information > Primary email	email
    Basic Information > Last Name	family_name
    Basic Information > First Name	given_name
    Employee Details > Department	groups

    The system creates the application.

13. Click Status and select Turn on for everyone.

    

Step 2 - Configure the Harmony SASE Administrator Portal

1. Log in to the Harmony SASE Administrator Portal with a administrator account.

2. Go to Settings > Identity Providers.

3. Click Add Provider.

   The Add identity provider pop-up appears.

4. Select SAML 2.0 Identity Providers and click Continue.

   

5. In the Sign in URL field, enter the Identity Provider Sign-in URL from your SAML Identity Provider.

   Identity Provider	Sign in URL
   Generic SAML	Identity Provider Sign in URL
   Active Directory Federation Services (AD FS)	https://{{Your ADFS Domain}}/adfs/ls
   Auth0	Auth0 login URL
   OneLogin	SAML 2.0 Endpoint (HTTP) value
   PingOne	https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid={{idpid}}
   PingFederate	https://sso.{{Your PingFederate Domain}}.com/idp/SSO.saml2
   Rippling	Rippling IdP Sign-in URL.
   JumpCloud	JumpCloud IDP URL
   Okta	Okta Sign on URL
   Google Applications	SSO URL

6. In the Domain Aliases field, enter the business domain names separated by commas or space.

7. In the X509 Signing Certificate field, enter the X.509 signing certificate for the application from the SAML Identity Provider.

   If you have the signing certificate as PEM/CERT file, click Upload PEM/CERT File and select the file.

8. Click Done.

Note - After the first successful authentication of a member with SAML, Harmony SASE does this: Assigns the member with the appropriate role. Adds the member to the groups related to Identity Provider. Applies the relevant configuration profiles to the member.