Configure Google Workspace for SAML

Sysdig supports SAML authentication with Google Workspace as your Identity Provider (IdP).

Prerequisites

Review SAML (SaaS).
Configure Sysdig Monitor or Sysdig Secure, or both as a SAML application using Google Workspace’s documentation: Set up your own custom SAML application.

The notes below call out specific steps that require additional action.

Sysdig-Specific Configuration for Google Workspace

Configure User access

Set up user access permissions according to your organization’s requirements.

Specify Service Provider Details

Enter the values shown in the table below. If you wish to configure IdP-initiated login flow, replace CUSTOMER-ID-NUMBER with the number retrieved as described in Find Your Customer Number.

See SaaS Regions and IP Ranges and identify the correct URLs associated with your Sysdig application and region. For example, in US East, the endpoints are:

Setting	Value for Sysdig Monitor	Value for Sysdig Secure
ACS URL	`<REGION_URL>/api/saml/auth`	`<REGION_URL>/api/saml/secureAuth`
Entity ID	`<REGION_URL>`	`<REGION_URL>`
Start URL	`#/&customer=<CUSTOMER_ID>`	`#/&customer=<CUSTOMER_ID>`

If multiple integrations are used, add the integration name to the Start URL parameter in the following format &integrationName=<INTEGRATION_NAME>, so it becomes #/&customer=<CUSTOMER-ID-NUMBER>&integrationName=<INTEGRATION_NAME>.

Replace <REGION_URL> with the region URL where your Sysdig application is hosted. For example, for Sysdig Monitor in the EU, you use https://eu1.app.sysdig.com.

Specify SAML Attribute Mapping

Configure the following:

Google Directory attributes	App attributes
Primary email	`email`
First name	`first name`
Last name	`last name`

Note that the attributes are case sensitive, so use caution when entering them.

Only email is required. However, including first and last names is recommended since these values will now be included in the records created in the Sysdig platform’s database when new users successfully log in via SAML for the first time.

Configure Sysdig

To configure Sysdig for Google Workspace:

Log in to Sysdig Platform.
Navigate to Settings via the user menu icon at the bottom of the left navigation bar.
Under Access & Secrets, select Authentication (SSO).
Edit existing or create a new SSO configuration (type: SAML).
Copy the URL and paste it into the Metadata entry on the SAML Configuration page in the SAML connection settings.
For Email Parameter, write email.
The rest of the fields and toggles can be left as default.
Select Save Settings.
Enable the integration by selecting the option from the Enabled column in the integration

To ensure the IdP flow works, you can perform a test login from your browser. Ensure the selected user has access to the Sysdig application you have configured.