The following values are used as demonstration values in this guide:
- WallarmApp as a value for the Application Name parameter (in G Suite).
- https://sso.online.wallarm.com/acs as a value for the ACS URL parameter (in G Suite).
- WallarmApp_1234 as a value for the Entity ID parameter (in G Suite).
Log in to the Google admin console. Click on the Apps block.
Click on the SAML apps block. Add a new application by clicking the Add a service/App to your domain link or the “+” button at the bottom right.
Click on the Setup my own custom app button.
You will be provided with information (metadata) by G Suite as your identity provider:
- SSO URL
- Entity ID
- Certificate (X.509)
Metadata is a set of parameters describing the identity provider's properties (similar to those generated for the service provider in Step 1) that are required to configure SSO.
You can transfer them to the SSO Wallarm setup wizard in two ways:
- Copy each parameter and download the certificate, and then paste (upload) them into the corresponding fields of the Wallarm setup wizard.
- Download an XML file with metadata and upload it on the Wallarm side.
Save the metadata in any way you like and go to the next step of configuring the application by clicking Next. Entering the identity provider metadata on the Wallarm side will be described in Step 3.
The next stage of configuring the application is to provide the service provider's (Wallarm) metadata. Required fields:
- ACS URL corresponds to the Assertion Consumer Service URL parameter generated on the Wallarm side.
- Object ID corresponds to the Wallarm Entity ID parameter generated on the Wallarm side.
Fill in the remaining parameters if required. Click Next.
At the final stage of configuring the application, you will be prompted to map the service provider's attributes to the available user profile fields. Wallarm (as a service provider) does not require these settings, so you can skip this step and complete the configuration of the application by clicking Done.
After that, you will be informed in the pop-up window that the provided information is saved and, in order to complete the SAML SSO configuration, you will need to upload the data about the identity provider (Google) in the admin panel of the service provider (Wallarm). Press Ok.
After that, you will be redirected to the page of the created application. Once the application is created, it is disabled for all your organizations in G Suite. To activate the SSO for this application, click the Edit Service button.
Select ON for everyone for the Service status parameter and click Save.
Now you can continue configuring the SSO on the Wallarm side.