description |
---|
Configure Google Workspace as an Identity Provider for CISO Assistant |
{% hint style="danger" %}
Google Workspace doesn't allow callbacks to URLs containing `http` or `localhost`, so it can be tricky to test it locally. You should deploy CISO Assistant with an FQDN to bypass these restrictions.
{% endhint %}
- Go into the Google Workspace Admin console
- On the sidebar menu, go to Applications > Web and mobile applications
- Click on Add an application > Add a custom SAML Application
- Enter `ciso-assistant` or the name of your choice and click on continue
- You can copy the SSO URL, Entity ID and x509 certificate here, but you'll be able to retrieve them later
- Fill ACS URL with `<base_url>/api/accounts/saml/0/acs/`, enter the Entity ID, which has to be the same as the SP entity ID in CISO Assistant (`ciso-assistant` by default), and choose Email in Name ID Format
- Add two mappings for First name and Last name, and fill them with these two values:
  - `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname`
  - `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname`
- On the application home page, you can now find the Entity ID, SSO URL and x509 certificate
{% hint style="warning" %} Adding a user to your application doesn't automatically create the user in CISO Assistant. {% endhint %}
You can now configure CISO Assistant with the 3 parameters you've retrieved.
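
When a first login fails, the usual cause is a mismatch in one of the values entered above. The following added example (not part of CISO Assistant or Google Workspace) builds the ACS URL from a base URL, rejects the `http` and `localhost` forms Google Workspace refuses, and checks a decoded assertion for the Email Name ID format, the SP entity ID and the two name claims. The function names, the sample host `ciso.example.com` and the sample assertion are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
REQUIRED_ATTRS = {CLAIMS + "givenname", CLAIMS + "surname"}

def acs_url(base_url):
    """Build the ACS URL for the SAML app, rejecting http and localhost."""
    u = urlparse(base_url)
    if u.scheme != "https":
        raise ValueError("base URL must use https")
    host = u.hostname or ""
    if host == "localhost" or "." not in host:  # heuristic FQDN check
        raise ValueError("base URL must use an FQDN, not localhost")
    return base_url.rstrip("/") + "/api/accounts/saml/0/acs/"

def check_assertion(xml_text, sp_entity_id="ciso-assistant"):
    """Return the configuration problems found in a SAML assertion.
    Configuration check only: the signature is NOT verified here."""
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID format is not Email")
    audiences = {(a.text or "").strip() for a in root.iterfind(".//saml:Audience", NS)}
    if sp_entity_id not in audiences:
        problems.append("Audience does not match SP entity ID")
    names = {a.get("Name") for a in root.iterfind(".//saml:Attribute", NS)}
    for missing in sorted(REQUIRED_ATTRS - names):
        problems.append("missing attribute " + missing)
    return problems

# Constructed sample assertion (not real Google output); the surname mapping is left out.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction><saml:Audience>ciso-assistant</saml:Audience></saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"><saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    print(acs_url("https://ciso.example.com"))
    print(check_assertion(SAMPLE))
```

An empty list from `check_assertion` means the three settings line up; it says nothing about whether the assertion is authentic, which remains the job of the signature check against the x509 certificate.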