Google IDP
Google SAML Configuration for LightBeam
Configure HTTPS for the LightBeam endpoint before starting the Google AD SAML configuration.
Set up custom SAML app in Google SSO for LightBeam
Sign in to your Google Admin console with a super administrator account.
Go to Menu → Apps → Web and mobile apps.
Click Add App → Add custom SAML app.

Enter the app name and, optionally, upload an icon for your app.

Click Continue.

On the Google Identity Provider details page, download the IDP metadata.
Configure Auth Provider in Lightbeam from the KeyCloak UI
Access the LB KeyCloak URL: https://<ip/fqdn>/auth/admin/master/console/
Select the Hamburger Menu (☰) → Configure → Identity providers → Select SAML v2.0

Enter Alias and Name as “Google”.

Disable the Use entity descriptor option.

Now click the “Browse” button in the Import config from file field and upload the Google IDP XML file that you downloaded as part of the SAML app configuration in Google.

Note down the following details needed to complete the SAML app configuration in Google SSO:
Redirect URI - https://sandeep-dev.lightbeamsecurity.com/auth/realms/master/broker/Google/endpoint
Service provider entity ID - https://sandeep-dev.lightbeamsecurity.com/auth/realms/master
Once all the required changes are done, click on “Add”.
You should see the message "Identity provider successfully created."

In LightBeam, navigate to Settings → Auth Providers to find the Google auth provider.

You will see the Google icon on the login page.

Go back to the Google SSO page from where you downloaded the IDP metadata.

Click CONTINUE.
In the Service Provider Details window, enter:
ACS URL - The service provider's Assertion Consumer Service URL, which receives the SAML response. It must start with https://. This is the “Redirect URI” from Keycloak.
Entity ID - The globally unique name. This is the “Service provider entity ID” from Keycloak.


Click FINISH.
This will display the app view as follows:

Enable the SAML app
Sign in to your Google Admin console with a super administrator account.
Go to Menu → Apps → Web and mobile apps.
Select your SAML app.
Click User access.

To turn a service on or off for everyone in your organization, click On for everyone or Off for everyone, and then click Save.

Optional - You can also choose to turn a service on or off for an organizational unit or specific access group.
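
A pre-flight check for the two hand-offs in this procedure, as an added example that is not part of the LightBeam or Google documentation: it inspects the downloaded IDP metadata before it is imported into Keycloak, and builds the ACS URL and Entity ID in the URL pattern shown above. The sample metadata, the host `lightbeam.example.com`, and the function names are constructed for illustration; the realm and alias defaults follow the values on this page.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample in the shape of an IdP metadata file; idpid and certificate are placeholders.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://accounts.google.com/o/saml2?idpid=EXAMPLE">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data>
        <ds:X509Certificate>PLACEHOLDERCERT</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://accounts.google.com/o/saml2/idp?idpid=EXAMPLE"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def check_idp_metadata(xml_text):
    """Return a list of problems in the IdP metadata (empty list: none found)."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or not root.get("entityID"):
        problems.append("root is not an EntityDescriptor with an entityID")
    sso = root.findall("md:IDPSSODescriptor/md:SingleSignOnService", NS)
    if not sso:
        problems.append("no SingleSignOnService endpoint")
    for svc in sso:
        if urlparse(svc.get("Location", "")).scheme != "https":
            problems.append("SSO endpoint is not HTTPS: %s" % svc.get("Location"))
    certs = root.findall(".//ds:X509Certificate", NS)
    if not any((c.text or "").strip() for c in certs):
        problems.append("no X.509 certificate to verify SAML responses with")
    return problems

def keycloak_sp_values(base_url, realm="master", alias="Google"):
    """Build the ACS URL (Redirect URI) and Entity ID in the pattern this page shows."""
    if urlparse(base_url).scheme != "https":
        raise ValueError("ACS URL must start with https://")
    entity_id = "%s/auth/realms/%s" % (base_url.rstrip("/"), realm)
    return {"acs_url": "%s/broker/%s/endpoint" % (entity_id, alias), "entity_id": entity_id}

if __name__ == "__main__":
    print(check_idp_metadata(SAMPLE_METADATA) or "no problems found")
    print(keycloak_sp_values("https://lightbeam.example.com"))  # hypothetical host
```

The alias is part of the ACS URL path, so the value entered in Google must match the Keycloak alias exactly, including case.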