Configure Google Workplace as an Identity Provider for CISO Assistant
Google Workspace doesn't allow callbacks to urls containing http or localhost so it can be tricky to test it locally. You should deploy CISO Assistant with a FQDN to bypass these restrictions.
Go into Google Workspace Admin console
On the sidebar menu, go to Applications > Web and mobile applications
Click on Add an application > Add a custom SAML Application
Enter ciso-assistant or the name of your choice and click on continue
You can copy the SSO URL, Entity Id and x509 certificate here but you'll be able to retreive them later
Fill ACS URL with <base_url>/api/accounts/saml/0/acs/, enter the Entity ID which has to be the same than SP entity Id in CISO Assistant (ciso-assistant by default) and choose Email in Name ID Format
Add two mappings for First name and Last Name, fill them with those two values: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
On application home page, you can now find the Entity ID, SSO URL and x509 certificate
Add a user in your application doesn't automatically create the user on CISO Assistant
You can now configure CISO Assistant with the 3 parameters you've retrieved.
