# Google Workspace

{% hint style="danger" %} <mark style="color:red;">Google Workspace doesn't allow callbacks to urls containing</mark> <mark style="color:red;"></mark><mark style="color:red;">`http`</mark> <mark style="color:red;"></mark><mark style="color:red;">or</mark> <mark style="color:red;"></mark><mark style="color:red;">`localhost`</mark> <mark style="color:red;"></mark><mark style="color:red;">so it can be tricky to test it locally. You should deploy CISO Assistant with a FQDN to bypass these restrictions.</mark>
{% endhint %}

Go into **Google Workspace Admin console**

1. On the sidebar menu, go to **Applications** > **Web and mobile applications**

   <figure><img src="https://217025809-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FUJGpmCYDFJNsz2CDasSm%2Fuploads%2FEtJA1LECHmogRoiwmMZv%2Fimage.png?alt=media&#x26;token=dc8739bd-5356-421f-90e4-abafb9509d1f" alt=""><figcaption></figcaption></figure>
2. Click on **Add an application** > **Add a custom SAML Application**

   <figure><img src="https://217025809-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FUJGpmCYDFJNsz2CDasSm%2Fuploads%2FD8oPs7BeTupWXPZL4UqE%2Fimage.png?alt=media&#x26;token=74dd38ae-4240-42cb-a8f4-175e6ef44fcc" alt=""><figcaption></figcaption></figure>
3. Enter **ciso-assistant** or the name of your choice and click on **continue**

   <figure><img src="https://217025809-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FUJGpmCYDFJNsz2CDasSm%2Fuploads%2FDClWvagQjZLEaRhKwaXV%2Fimage.png?alt=media&#x26;token=201e43aa-c56c-4803-80e5-10c5d1c49d5a" alt=""><figcaption></figcaption></figure>
4. You can copy the <mark style="color:purple;">**SSO URL**</mark>, <mark style="color:purple;">**Entity Id**</mark> and <mark style="color:purple;">**x509 certificate**</mark> here but you'll be able to retreive them later

   <figure><img src="https://217025809-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FUJGpmCYDFJNsz2CDasSm%2Fuploads%2Fiyd2SgvFZmsawidlQFLE%2Fimage.png?alt=media&#x26;token=8f08d6aa-3a66-4d3a-a875-6f484f87e0db" alt=""><figcaption></figcaption></figure>
5. Fill **ACS URL** with `<base_url>/api/accounts/saml/0/acs/`, enter the **Entity ID** which has to be the same than <mark style="color:purple;">**SP entity Id**</mark> in CISO Assistant (**ciso-assistant** by default) and choose **Email** in **Name ID Format**<br>

   <figure><img src="https://217025809-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FUJGpmCYDFJNsz2CDasSm%2Fuploads%2FJ9MnhNEKNxDw8bf9pzO9%2Fimage.png?alt=media&#x26;token=f331d567-41a9-41a5-9b54-b02cd6e062bf" alt=""><figcaption></figcaption></figure>
6. Add two mappings for **First name** and **Last Name**, fill them with those two values: `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname`\
   `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname`

   <figure><img src="https://217025809-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FUJGpmCYDFJNsz2CDasSm%2Fuploads%2FaatBs4v7wolAL0pIiriu%2Fimage.png?alt=media&#x26;token=3498d78d-eb0a-4e88-a37e-f8f11a1338c8" alt=""><figcaption></figcaption></figure>
7. On application home page, you can now find the <mark style="color:purple;">**Entity ID**</mark>, <mark style="color:purple;">**SSO URL**</mark> and <mark style="color:purple;">**x509 certificate**</mark><br>

   <figure><img src="https://217025809-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FUJGpmCYDFJNsz2CDasSm%2Fuploads%2FoxSYm3dIstR8FvIpn2np%2Fimage.png?alt=media&#x26;token=4ab6f181-5701-4da9-9ff5-b835d986beec" alt=""><figcaption></figcaption></figure>

{% hint style="warning" %} <mark style="color:orange;">Add a user in your application doesn't automatically create the user on CISO Assistant</mark>
{% endhint %}

You can now [configure CISO Assistant](https://intuitem.gitbook.io/ciso-assistant/features-highlights/sso#configure-ciso-assistant-with-saml) with the <mark style="color:purple;">**3 parameters**</mark> you've retrieved.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://intuitem.gitbook.io/ciso-assistant/features-focus/sso/identity-providers/google-workplace.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.