Google G Suite (SAML 2.0)

This document guides you through setting up the authentication integration between Google G Suite and Genian NAC.

Summary

You can integrate Genian NAC with Google G Suite so that users are authenticated by Google G Suite, without having to manage Genian NAC's own user DB. For user authentication, the Genian NAC CWP page calls G Suite authentication over the SAML 2.0 protocol and verifies the result, which gives standard SSO.

Step 1: How to set up Google Workspace

  1. Log in to https://admin.google.com with your Workspace administrator account.
  2. In the left console menu, click Apps -> Web and Mobile Apps.
  3. Click Add App -> Add a Custom SAML App.
  4. Set the app name, description, and app icon.
  5. In the Genian NAC web console, click Preferences -> User Authentication -> Authentication Integration -> SAML2 Identity Provider -> Add.
  6. Enter the values created in the Google Admin console into the Genian NAC SAML2 Authentication Integration window:
    • SSO URL, Entity ID, x.509 Certificate -> IdP SSO URL, IdP Entity ID, x509 Certificate
  7. Conversely, enter the values created in the Genian NAC SAML2 Authentication Integration screen into the Google Admin console window:
    • SP ACS URL, SP Entity ID -> ACS URL, Entity ID
  8. Click Policy -> Node Policy -> Authentication Method -> Assign to add SAML2 authentication.

Step 2: Add Users for Google Workspace Integration

  1. On the Google Admin console main screen, click Users.
  2. Click Add user.
  3. Set the user's name and mail, then click Add New User.
  4. Click Main Screen - Users - Reset Password, then reset the user's password.

Note

The Password field lets the administrator choose between specifying the password directly and requiring the user to change it when they log in for the first time.

Step 3: Google SAML Authentication Integration Test

  1. Go to Preferences -> User Authentication -> Authentication Integration -> Authentication Test and click Test.
  2. Change Repository to SAML.
  3. On the screen that is displayed, click the SAML authentication login button you configured to start the login.
  4. If the integration is set up correctly, the Google login window is displayed and authentication succeeds.
  5. You can check the ID of the logged-in account and the authentication method used (SAML) in the audit log.

Note

After setting up the Authentication Integration, you must add the IdP domain to the enforcement policy's permissions when applying the policy, so that the authentication integration window can be displayed even while the node is in the blocked state.

To add permissions:

  1. Policy -> Object -> Network
  2. Tasks -> Create
  3. Enter basic information
  4. Condition -> Select FQDN -> Enter the IdP domain (e.g. accounts.google.com)
  5. Click Create
  6. Go to the Permissions menu
  7. Create a permission using the network object you created
  8. Assign the permission you created to the enforcement policy that controls the device network
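As an added example (not part of the Genian NAC documentation or product), the following Python parses a constructed sample of the IdP metadata XML that the Google Admin console offers for a custom SAML app, extracts the three values Step 1 copies into Genian NAC, fingerprints the certificate so a mis-pasted value can be spotted, and checks that the SSO URL's host is covered by the FQDN network object described in the note above. The idpid, the certificate bytes and the FQDN list are placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample of the IdP metadata XML the Google Admin console offers for a
# custom SAML app. The idpid and the certificate bytes are placeholders, not real values.
IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://accounts.google.com/o/saml2?idpid=EXAMPLE_IDPID">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data><ds:X509Certificate>
          cGxhY2Vob2xkZXItY2VydC1ieXRlcw==
        </ds:X509Certificate></ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://accounts.google.com/o/saml2/idp?idpid=EXAMPLE_IDPID"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def extract_idp_values(metadata_xml):
    """Pull out the three values Step 1 copies into Genian NAC:
    IdP Entity ID, IdP SSO URL and the base64 x509 signing certificate."""
    root = ET.fromstring(metadata_xml)
    sso = root.find("md:IDPSSODescriptor/md:SingleSignOnService", NS)
    cert = root.find(".//ds:X509Certificate", NS)
    return {
        "entity_id": root.get("entityID"),
        "sso_url": sso.get("Location"),
        "x509_b64": "".join(cert.text.split()),  # drop line breaks and indentation
    }


def cert_fingerprint(cert_b64):
    """SHA-256 fingerprint of the DER certificate, so the value pasted into
    Genian NAC can be compared with the one shown in the Google Admin console."""
    der = base64.b64decode(cert_b64, validate=True)  # rejects a mangled paste
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def idp_reachable_when_blocked(sso_url, allowed_fqdns):
    """The enforcement-policy note: the IdP host must be in the FQDN network
    object, or a blocked node can never load the Google login page."""
    parsed = urlparse(sso_url)
    return parsed.scheme == "https" and parsed.hostname in set(allowed_fqdns)
```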