
Configure Google Workspace as an IdP for HySecure

Purpose of the Document

This document provides step-by-step instructions on configuring Google Workspace as an Identity Provider (IdP) for Accops HySecure.

There are two steps in this configuration:

  1. Google Workspace SAML Application configuration
  2. Configuring the Authentication server in HySecure

Note

The configuration details provided are for demonstration purposes only and may not reflect real-world configurations.

Prerequisite

Before you begin, make sure you have read the prerequisites.

  1. Google Workspace Admin Account: Ensure you have one of the following roles.

    • Super Admin

    • Admin with permissions to manage API clients and directory settings

  2. Accops HySecure Gateway: Make sure you have the following details ready:

    • The public DNS name of the Accops HySecure Gateway

    • Valid SSL certificate installed on the gateway

  3. Management console access: You should have access to the Accops HySecure Gateway management console using a Security Officer (SO) Account.

Configure the Google Workspace SAML Application

  1. Google Workspace Portal.


  2. Create a new custom SAML Application.

    • Enter the name of the new app in the App details section and add an appropriate description.


  3. Download Metadata XML.

    • In the Google Identity Provider section, download the Metadata XML. Save this file for later use.


  4. Enter the Service provider details. Sample details are given in the table below.


    | Field | Example |
    |---|---|
    | ACS URL | https://hysecure.accops.xyz/saml-idp/GoogleWorkspace |
    | Entity ID | https://hysecure.accops.xyz |
    | Start URL (Optional) | https://hysecure.accops.xyz/saml-login/GoogleWorkspace |

  5. Provide the Attribute Mapping details, including the Google Directory attribute and its corresponding mapping to the Service Provider attribute.


  6. Assign Users or Groups. Click the drop-down icon to activate the SAML app for the selected users or groups.


    • Set the Service status to ON for everyone.


    • Assign the users or groups that require SSO login access.


Configure the Authentication Server on Accops HySecure

  1. Access the HySecure Management Console.

    • Log in to the HySecure Management Console.
    • In the Settings section, select Authentication Servers and create an Authentication Server to add the SAML IDENTITY PROVIDER.

    • General Settings:

    | Field | Example | Description |
    |---|---|---|
    | Upload IdP Metadata | GoogleIDPMetadata.xml | Metadata downloaded from the Google Workspace SAML app |
    | Identity Provider Name | GoogleWorkspace | Name of the IdP |
    | Identity Provider Protocol | SAML 2.0 | SAML version |

    Note

    Ensure the Identity Provider Name matches the one in the IdP Basic SAML Configuration and is used as the suffix of the ACS URL (Assertion Consumer Service URL) and the Start URL (Optional).

    • SAML Protocol Settings:

    | Field | Example | Description |
    |---|---|---|
    | IdP Issuer URI | https://accounts.google.com/o/saml2?idpid=C01xxxxxx | Google SSO URL |
    | IdP Single Sign-On URL | https://accounts.google.com/o/saml2/idp?idpid=C01xxxxxx | Google Entity ID |
    | IdP Signature Certificate | - | IdP SAML certificate |
    | Request Binding | HTTP-POST | - |
    | Request Signature | - | - |
    | Response Signature Verification | Assertion | - |
    | Response Signature Algorithm | SHA-256 | SHA-1 or SHA-256 algorithm can be used |

    • Service Provider Settings:

    | Field | Example | Description |
    |---|---|---|
    | SP Issuer URI | https://hysecure.accops.xyz | HySecure Gateway address |
    | Assertion Consumer Service URL | https://hysecure.accops.xyz/saml-idp/GoogleWorkspace | - |
    | SP Initiated URL | https://hysecure.accops.xyz/saml-login/GoogleWorkspace | - |
    | Name ID Format | Unspecified | - |

    • User Attribute Mapping:

    | User Attribute Name | Directory Attribute |
    |---|---|
    | LoginID | NameID |
    | EmailID | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress |
    | PhoneNo | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobile |
    | GroupsName | Group |


  2. Authentication Domain Configuration.

    • Add a new authentication domain and select the respective authentication server (GoogleWorkspace) under the Server in the priority 1 field.


  3. HySecure Domain Configuration.

    • Add a new HySecure Domain and select the respective Authentication Domain (GoogleWorkspace) under the Select Authentication Domain field.


  4. Application and ACL Policy Configuration.

    • Create an application and assign it to the application group.
    • Create an ACL policy and configure it with the SAML authentication Server and the respective application group.


    | Field | Example | Description |
    |---|---|---|
    | Select HySecure Domain | GoogleWorkspace | The domain within Accops HySecure using Google for authentication |
    | Select Authentication Domain | GoogleWorkspace | The domain for verifying user credentials, configured for Google |
    | Selected Group | - | Specific group of users within HySecure who will have access to the resources, mapped to Google security groups |
    | Select User Group | - | User group within HySecure for managing and assigning collective permissions, corresponding to Google user groups |
    | Select Application Group | - | Group of applications within HySecure assigned collective access permissions, facilitating efficient management |

  5. Configure Sites.

    • Configure the sites in the HySecure gateway.


This completes the HySecure configuration.

Your users can now use Google Workspace as an IdP to access the web resource.
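
The following is an added example, not part of the Accops documentation or product: a pre-upload check that reads the downloaded metadata XML and returns the entityID, the HTTP-POST Single Sign-On endpoint and a SHA-256 fingerprint of the signing certificate, so the values entered under SAML Protocol Settings can be compared with what the file actually declares. It also checks the note about the Identity Provider Name being the suffix of the ACS and Start URLs. The function names, the constructed sample metadata and the placeholder certificate bytes are assumptions; the URLs are the sample values from the tables above.

```python
import base64, hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample in the shape of a SAML IdP metadata file. The idpid is the
# page's masked example and the certificate bytes are a placeholder, not a key.
SAMPLE = b"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://accounts.google.com/o/saml2?idpid=C01xxxxxx">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>Q09OU1RSVUNURUQtUExBQ0VIT0xERVItQ0VSVA==</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://accounts.google.com/o/saml2/idp?idpid=C01xxxxxx"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def read_idp_metadata(xml_bytes):
    """Extract the values that go into HySecure's SAML Protocol Settings."""
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("refusing metadata that declares a DTD or entities")
    root = ET.fromstring(xml_bytes)
    sso = [s.get("Location") for s in root.findall(".//md:SingleSignOnService", NS)
           if s.get("Binding") == POST]
    cert = root.find(".//ds:X509Certificate", NS)
    if root.get("entityID") is None or not sso or cert is None:
        raise ValueError("entityID, HTTP-POST SSO endpoint or certificate missing")
    der = base64.b64decode("".join(cert.text.split()))
    return {"issuer": root.get("entityID"), "sso_url": sso[0],
            "cert_sha256": hashlib.sha256(der).hexdigest()}

def check_sp_urls(idp_name, sp_issuer, acs_url, start_url):
    """List mismatches between the SP URLs and the Identity Provider Name."""
    problems, host = [], urlsplit(sp_issuer).netloc
    for label, url in (("ACS URL", acs_url), ("Start URL", start_url)):
        parts = urlsplit(url)
        if parts.scheme != "https" or parts.netloc != host:
            problems.append(f"{label}: not an https URL on {host}")
        if parts.path.rsplit("/", 1)[-1] != idp_name:
            problems.append(f"{label}: path does not end with {idp_name!r}")
    return problems
```

In the returned dictionary, `issuer` is the metadata's entityID and `sso_url` is the endpoint the gateway sends authentication requests to; the name comparison is case-sensitive.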