Google Workplace

Configure Google Workplace as an Identity Provider for CISO Assistant

Google Workspace doesn't allow callbacks to urls containing http or localhost so it can be tricky to test it locally. You should deploy CISO Assistant with a FQDN to bypass these restrictions.

Go into Google Workspace Admin console

1. On the sidebar menu, go to Applications > Web and mobile applications

   
2. Click on Add an application > Add a custom SAML Application

   
3. Enter ciso-assistant or the name of your choice and click on continue

   
4. You can copy the SSO URL, Entity Id and x509 certificate here but you'll be able to retreive them later

   
5. Fill ACS URL with <base_url>/api/accounts/saml/0/acs/, enter the Entity ID which has to be the same than SP entity Id in CISO Assistant (ciso-assistant by default) and choose Email in Name ID Format

   
6. Add two mappings for First name and Last Name, fill them with those two values: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname

   
7. On application home page, you can now find the Entity ID, SSO URL and x509 certificate

   

Add a user in your application doesn't automatically create the user on CISO Assistant

You can now configure CISO Assistant with the 3 parameters you've retrieved.