• Pre-requisites
• Steps
  • 1. In the Command Center, configure your User Identity Provider
  • 2. Launch a new Application Integration in G Suite
  • 3. Save the G Suite fields in the Command Center

G Suite SSO allows G Suite organizations to have users sign in to all their applications using their managed Google account credentials. Cloud Secure Edge (CSE) integrates with your organization’s G Suite SSO to authenticate enterprise users that need access to CSE-secured services.

Pre-requisites

In order to set up this integration, you need administrative access to G Suite and the ability to add a new SAML App.

Steps

1. In the Command Center, configure your User Identity Provider

1.1 Navigate from Settings > Identity and Access tab > End User tab, and then set your User Identity Provider to SAML.

Fill out these Identity Provider configuration fields after you set up the new application integration.

1.2 Take note of the Redirect URL (ACS) provided in the configuration field.

2. Launch a new Application Integration in G Suite

2.1 Log into your GSuite Admin account.

2.2 Navigate from Apps > SAML apps.

2.3 Choose Setup My Own Custom App.

2.4 Take note your SSO URL, download the certificate, and then select Next.

2.5 Name the application Banyan TrustProvider, upload our logo, and then select Next.

2.6 When asked for ACS URL and Entity ID, use the Redirect URL you obtained in Step 1b. Also, set the Name ID Format to EMAIL.

2.7 Set up the attribute mappings. CSE requires your IDP’s returned SAML assertion to contain attributes that can be mapped to a user’s Email, Username, and Groups.

Set the Attribute Mappings as follows:

• email -> Primary Email
• name -> Last Name
• groups -> Department

G Suite does not support transmitting groups via SAML attributes. Instead, we suggest using the Department field.

2.8 Select FINISH to save the application details in GSuite.

2.9 Select the Banyan TrustProvider SAML app you just created and set to ON for everyone. This will allow CSE to federate authentication of all users in your organization to your SAML IDP.

Note: You still need to apply Policies in the Command Center to manage which users can access specific internal applications.

3. Save the G Suite fields in the Command Center

3.1 Return to the Identity Provider page in the Command Center (Settings > Identity and Access tab > End User tab) and enter the Banyan TrustProvider App parameters from G Suite:

• IDP SSO URL (from Step 2.4)
• Entity Issuer - Leave this optional field blank. It will default to the Redirect URL.
• IDP CA Certificate (from Step 2.4)
• Username Attribute (from Step 2.7)
• Email Attribute (from Step 2.7)
• Groups Attribute (from Step 2.7)
• Groups Delimiter – Do not use this field. Entering an incorrect value may lead to configuration errors and behavior issues. Please contact CSE Support for assistance.

3.2 Select Update Identity Provider Config to save the settings.

---

That’s it! You have successfully integrated G Suite to manage your directory of users in CSE.