Configure G Suite to manage your directory of users in Banyan

  • Updated on Jan 09, 2024

G Suite SSO allows G Suite organizations to have users sign in to all their applications using their managed Google account credentials. Banyan integrates with your organization’s G Suite SSO to authenticate enterprise users who need access to Banyan-secured services.

Pre-requisites

In order to set up this integration, you need administrative access to G Suite and the ability to add a new SAML App.

Steps

1. In the Banyan Command Center, configure your User Identity Provider

1.1 Navigate to Settings > Identity and Access tab > End User tab, and then set your User Identity Provider to SAML.

Fill out these Identity Provider configuration fields after you set up the new application integration in G Suite.

1.2 Take note of the Redirect URL (ACS) provided in the configuration field. You will need it for the steps in G Suite below.

2. Launch a new Application Integration in G Suite

2.1 Log in to your G Suite Admin account.

2.2 Navigate to Apps > SAML apps.

2.3 Choose Setup My Own Custom App.

2.4 Take note of your SSO URL, download the certificate, and then select Next.

2.5 Name the application Banyan TrustProvider, upload our logo, and then select Next.

2.6 When asked for ACS URL and Entity ID, use the Redirect URL you obtained in Step 1.2. Also, set the Name ID Format to EMAIL.

2.7 Set up the attribute mappings. Banyan requires your IDP’s returned SAML assertion to contain attributes that can be mapped to a user’s Email, Username, and Groups.

Set the Attribute Mappings as follows:

  • email -> Primary Email
  • name -> Last Name
  • groups -> Department

G Suite does not support transmitting groups via SAML attributes. Instead, we suggest using the Department field.

2.8 Select FINISH to save the application details in G Suite.

2.9 Select the Banyan TrustProvider SAML app you just created and set it to ON for everyone. This will allow Banyan to federate authentication of all users in your organization to your SAML IDP.

Note: You still need to apply Policies in the Banyan Command Center to manage which users can access specific internal applications.

3. Save the G Suite fields in the Banyan Command Center

3.1 Return to the Identity Provider page in the Banyan Command Center (Settings > Identity and Access tab > End User tab) and enter the Banyan TrustProvider App parameters from G Suite:

  • IDP SSO URL (from Step 2.4)
  • Entity Issuer - Leave this optional field blank. It will default to the Redirect URL.
  • IDP CA Certificate (from Step 2.4)
  • Username Attribute (from Step 2.7)
  • Email Attribute (from Step 2.7)
  • Groups Attribute (from Step 2.7)
  • Groups Delimiter – Do not use this field. Entering an incorrect value may lead to configuration errors and behavior issues. Please contact Banyan Support for assistance.

3.2 Select Update Identity Provider Config to save the settings.


That’s it! You have successfully integrated G Suite to manage your directory of users in Banyan.

