Configure Google Workspace for SAML
Prerequisites
- Review SAML (SaaS).
- Configure Sysdig Monitor, Sysdig Secure, or both as a SAML application using Google Workspace’s documentation: Set up your own custom SAML application.
The notes below call out specific steps that require additional action.
Sysdig-Specific Configuration for Google Workspace
Configure User Access
Set up user access permissions according to your organization’s requirements.
Specify Service Provider Details
Enter the values shown in the table below. If you wish to configure IdP-initiated login flow, replace CUSTOMER-ID-NUMBER with the number retrieved as described in Find Your Customer Number.
See SaaS Regions and IP Ranges and identify the correct URLs associated with your Sysdig application and region. For example, in US East, the endpoints are:
Setting | Value for Sysdig Monitor | Value for Sysdig Secure |
---|---|---|
ACS URL | <REGION_URL>/api/saml/auth | <REGION_URL>/api/saml/secureAuth |
Entity ID | <REGION_URL> | <REGION_URL> |
Start URL | #/&customer=<CUSTOMER_ID> | #/&customer=<CUSTOMER_ID> |
If multiple integrations are used, add the integration name to the Start URL parameter in the following format &integrationName=<INTEGRATION_NAME>, so it becomes #/&customer=<CUSTOMER-ID-NUMBER>&integrationName=<INTEGRATION_NAME>.
Replace <REGION_URL> with the region URL where your Sysdig application is hosted. For example, for Sysdig Monitor in the EU, you use https://eu1.app.sysdig.com.
Specify SAML Attribute Mapping
Configure the following:
Google Directory attributes | App attributes |
---|---|
Primary email | email |
First name | first name |
Last name | last name |
Note that the attributes are case sensitive, so use caution when entering them.
Only email is required. However, including first and last names is recommended since these values will now be included in the records created in the Sysdig platform’s database when new users successfully log in via SAML for the first time.
Configure Sysdig
To configure Sysdig for Google Workspace:
1. Log in to Sysdig Platform.
2. Navigate to Settings via the user menu icon at the bottom of the left navigation bar.
3. Under Access & Secrets, select Authentication (SSO).
4. Edit existing or create a new SSO configuration (type: SAML).
5. Copy the URL and paste it into the Metadata entry on the SAML Configuration page in the SAML connection settings.
6. For Email Parameter, write email. The rest of the fields and toggles can be left as default.
7. Select Save Settings.
8. Enable the integration by selecting the option from the Enabled column in the integration
(Optional) Test SAML Login
To ensure the IdP flow works, you can perform a test login from your browser. Ensure the selected user has access to the Sysdig application you have configured.
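If the test login fails, the base64 SAMLResponse captured from the browser can be checked against the Service Provider details and attribute mapping above. The following is an added example, not Sysdig or Google code; the function names are hypothetical. It assumes the response is unencrypted, that the IdP sets Destination to the ACS URL and Audience to the Entity ID, and that the app attribute names appear as the Name of each saml:Attribute.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ACS_PATH = {"monitor": "/api/saml/auth", "secure": "/api/saml/secureAuth"}
REQUIRED, RECOMMENDED = ["email"], ["first name", "last name"]

def check_saml_response(b64_response, region_url, product):
    """List mismatches between a captured SAMLResponse and the settings above.
    Diagnostic only: it does not verify the signature or conditions."""
    root = ET.fromstring(base64.b64decode(b64_response))
    region_url = region_url.rstrip("/")
    problems = []
    acs = region_url + ACS_PATH[product]
    if root.get("Destination") != acs:
        problems.append(f"Destination {root.get('Destination')!r} != ACS URL {acs!r}")
    audiences = [a.text for a in root.iterfind(".//saml:Audience", NS)]
    if region_url not in audiences:
        problems.append(f"Entity ID {region_url!r} not in Audience {audiences}")
    names = [a.get("Name") for a in root.iterfind(".//saml:Attribute", NS)]
    for wanted in REQUIRED + RECOMMENDED:
        if wanted in names:
            continue
        level = "required" if wanted in REQUIRED else "recommended"
        # A name that differs only in case is the mistake the mapping note warns about.
        close = [n for n in names if n and n.lower() == wanted]
        hint = f" (found {close[0]!r}: names are case sensitive)" if close else ""
        problems.append(f"{level} attribute {wanted!r} missing{hint}")
    return problems

def sample_response(region_url, product, attr_names):
    """Constructed, unsigned SAMLResponse for the demo (not captured traffic)."""
    attrs = "".join(f'<saml:Attribute Name="{n}"><saml:AttributeValue>x'
                    f'</saml:AttributeValue></saml:Attribute>' for n in attr_names)
    xml = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
           f'Destination="{region_url}{ACS_PATH[product]}"><saml:Assertion>'
           f'<saml:Conditions><saml:AudienceRestriction><saml:Audience>{region_url}'
           f'</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
           f'<saml:AttributeStatement>{attrs}</saml:AttributeStatement>'
           f'</saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    eu = "https://eu1.app.sysdig.com"
    bad = sample_response(eu, "monitor", ["Email", "first name"])  # wrong case
    for problem in check_saml_response(bad, eu, "monitor"):
        print(problem)
```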