Configure Google Workspace for SAML

Sysdig supports SAML authentication with Google Workspace as your Identity Provider (IdP).

Prerequisites

The notes below call out specific steps that require additional action.

Sysdig-Specific Configuration

Configure User access

Set up user access permissions according to your organization’s requirements.

Specify Service Provider Details

Enter the values shown in the table below. If you wish to configure the IdP-initiated login flow, replace <CUSTOMER_ID> with the number retrieved as described in Find Your Customer Number.

See SaaS Regions and IP Ranges and identify the correct URLs associated with your Sysdig application and region. For example, in US East, the endpoints are:

| Setting | Value for Sysdig Monitor | Value for Sysdig Secure |
| --- | --- | --- |
| ACS URL | <REGION_URL>/api/saml/auth | <REGION_URL>/api/saml/secureAuth |
| Entity ID | <REGION_URL> | <REGION_URL> |
| Start URL | #/&customer=<CUSTOMER_ID> | #/&customer=<CUSTOMER_ID> |

Replace <REGION_URL> with the region URL where your Sysdig application is hosted. For example, for Sysdig Monitor in the EU, you use https://eu1.app.sysdig.com.

Specify SAML Attribute Mapping

Configure the following:

| Google Directory attributes | App attributes |
| --- | --- |
| Primary email | email |
| First name | first name |
| Last name | last name |

Note that the attributes are case sensitive, so use caution when entering them.

Only email is required. However, including first and last names is recommended since these values will now be included in the records created in the Sysdig platform’s database when new users successfully log in via SAML for the first time.

Specify SAML Metadata in Sysdig

Do the following:

  1. Download the SAML metadata file.
  2. Open the metadata file using a text editor of choice.
  3. Copy the contents of the metadata file to the clipboard.
  4. Log in to your Sysdig application.
  5. In Settings, open Authentication (SSO) > SAML.
  6. Copy the URL and paste it into the Metadata entry on the SAML Configuration page in the SAML connection settings.

(Optional) Test SAML Login

To ensure the IdP flow works, you can perform a test login from your browser. Ensure the selected user has access to the Sysdig application you have configured.
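
If the test login fails, the base64 `SAMLResponse` form field that the browser posts to the ACS URL can be compared with the settings above. The following is an added example, not part of the Sysdig documentation: it checks a response's Destination, Audience and attribute names against the ACS URL, Entity ID and case-sensitive attribute mapping from this page. It assumes the IdP sets Destination to the ACS URL and Audience to the Entity ID, as SAML 2.0 responses normally do; the function names and the sample response are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
ACS_PATH = {"monitor": "/api/saml/auth", "secure": "/api/saml/secureAuth"}
EXPECTED_ATTRS = ("email", "first name", "last name")  # case sensitive; only email is required


def check_response(b64_response, region_url, product):
    """Return a list of mismatches between a SAMLResponse and the page's settings."""
    xml = base64.b64decode(b64_response)
    if b"<!DOCTYPE" in xml:  # refuse DTDs rather than expand entities
        return ["response contains a DTD"]
    root = ET.fromstring(xml)
    problems = []
    acs = region_url.rstrip("/") + ACS_PATH[product]
    if root.get("Destination") != acs:
        problems.append(f"Destination {root.get('Destination')!r} != ACS URL {acs!r}")
    audiences = [e.text for e in root.iterfind(".//a:Audience", NS)]
    if region_url not in audiences:
        problems.append(f"Entity ID {region_url!r} not in Audience {audiences}")
    names = [e.get("Name") for e in root.iterfind(".//a:Attribute", NS)]
    if "email" not in names:
        problems.append("required attribute 'email' is missing")
    for name in names:
        for want in EXPECTED_ATTRS:
            if name != want and name.lower() == want:
                problems.append(f"attribute {name!r} differs from {want!r} in case")
    return problems


def sample(attr_name, destination):
    """Constructed, unsigned response for the demo; not captured from Google."""
    xml = (f'<samlp:Response xmlns:samlp="{NS["p"]}" xmlns:saml="{NS["a"]}" '
           f'Destination="{destination}"><saml:Assertion><saml:Conditions>'
           f'<saml:AudienceRestriction><saml:Audience>https://eu1.app.sysdig.com'
           f'</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
           f'<saml:AttributeStatement><saml:Attribute Name="{attr_name}">'
           f'<saml:AttributeValue>user@example.com</saml:AttributeValue>'
           f'</saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    region = "https://eu1.app.sysdig.com"
    for resp in (sample("email", region + "/api/saml/auth"),
                 sample("Email", region + "/api/saml/secureAuth")):
        print(check_response(resp, region, "monitor") or "OK")
```

The check only compares configured values and does not verify the response signature, so it is a configuration aid and not a validation of the assertion.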