Identity Providers
      Back to home
      1. Support Center
      2. Safous ZTA Admin Guide
      3. Identity Providers

      Google Workspace SAML Configuration

      This article will help you on how to integrate Google Workspace into Safous ZTNA service as the external Identity Provider for authentication. Before continuing the steps in this article, please ensure you already have:

      • Know the basic information about Safous ZTNA SAML configuration in here.
      • Have account in Google Workspace with Admin privilege

       

       

      The steps need to applied in both ends (Google and Safous), so ensure you are already logged-in on both admin portal page and proceed with following these steps:

      1. Login to your Google Workspace portal https://admin.google.com/
      2. Go to Apps > Web and mobile apps

      3. Click on Add app and choose Add custom SAML app
      4. Input the App name, which is the required value. You also can add detail description and changed the app icon if you want. Then click Continue
      5. It will open the detail about IdP metadata that provided by Google Workspace
      6. login to https://portal.safous.com
      7. Go to Settings tab> ZTNA
      8. In Configurations, choose Identity Provider
      9. It will open the list of identity providers that have been integrated, by default it only has local 
      10. Click on New IDP, which it will expand the form of IDP
      11. Input the name and ensure the status is enable (green)
      12. Ensure you are choosing the SAML for the identity provider setting
      13. Input Entity Issuer with name that will be used in Google Workspace later on
      14. Input SSO Issuer with the value of Entity ID that you can find in steps number 5
      15. Input SSO URL with he value of SSO URL that you can find in steps number 5
      16. Input email as a value in Username Attribute field
      17. Input email as a value in Email Attribute field
      18. Input CA TrustedCertificate field with Certificate that you can find in steps number 5
      19. The rest of Safous ZTNA SAML configuration please refer to here.
      20. Once you done with the configuration, click "Save"
      21. Once saved, you need to expand the IdP to get the Redirect URI

      22. Go back Google Workspace, then click Continue

      23. Fill value of ACS URL with the value from Redirect URI in step number 21
      24. Fill value of Entity ID with the value of Entity Issuer in step number 13
      25. Change the Name ID Format into "EMAIL"
      26. Click Continue

      27. Add Mapping in the Attribute

      28. For Google Directory Attribute, choose "Primary email"
      29.  For App attributetype "email"
      30. Click FINISH

      31. Once created, it will redirect you to the App page that you created, in User access click "Expand user access"
      32. It will redirect you to another page setting of App that you created, ensure to choose ON for everyone and then click "SAVE"
      33. If everything correctly configured, you can login to the user portal https://users.<xxxx>.ztna.safous.com and check "With IdP", which you will see your SAML configuration