Views: 22

Prerequisites

Before you begin configuring Google, make sure that:

  • You have a valid subscription with Google Workspace that handles the sign-in process and eventually provides the authentication credentials to the Cloud App Security management console.
  • You are logged on to the management console as a Cloud App Security global administrator. For details, see Administrator and Role.

Setting up SSO using Google Workspace

  1. Login to Google Workspace Admin Console.
  2. Under the Admin console, navigate to Menu, select Apps, then Web and mobile apps.
  3. Click Add App, and select Add custom SAML app.
  4. Under the App Details page, enter the name of the custom app and click Continue.
  5. On the Google Identity Provider details page, under the Option 2 section, copy the value of the idpID from the SSO URL field, the Entity ID and Certificate to a notepad or text editor.
  6. Click Continue. This will be used to configure the Cloud App Security SSO.
  7. In the Service provider details, provide the following values:
    1. For the ACS URL, the value will be the Cloud App Security SSO URL based on the serving site used. Refer to the following table.
      Serving SiteSSO URL
      EUhttps://admin-eu.tmcas.trendmicro.com/ssologin
      UKhttps://admin.tmcas.trendmicro.co.uk/ssologin
      Japanhttps://admin.tmcas.trendmicro.co.jp/ssologin
      UShttps://admin.tmcas.trendmicro.com/ssologin
      Australia and New Zealandhttps://admin-au.tmcas.trendmicro.com/ssologin
      Canadahttps://admin-ca.tmcas.trendmicro.com/ssologin
      Singaporehttps://admin.tmcas.trendmicro.com.sg/ssologin
      Indiahttps://admin-in.tmcas.trendmicro.com/ssologin
    2. For the Entity ID, the value will be the Cloud App Security URL based on the serving site used. Refer to the following table:
      Serving SiteURL
      EUhttps://admin-eu.tmcas.trendmicro.com
      UKhttps://admin.tmcas.trendmicro.co.uk
      Japanhttps://admin.tmcas.trendmicro.co.jp
      UShttps://admin.tmcas.trendmicro.com  
      Australia and New Zealandhttps://admin-au.tmcas.trendmicro.com
      Canadahttps://admin-ca.tmcas.trendmicro.com  
      Singaporehttps://admin.tmcas.trendmicro.com.sg  
      Indiahttps://admin-in.tmcas.trendmicro.com  
    3. For the Name ID format, select EMAIL
    4. For the Name ID, select Basic Information > Primary email, then click Continue.
  8. In the Attribute Mapping, leave it with the default value and click Finish.
  9. After the SAML application is created, get the Service Provider ID:
    1. Go to Menu, then Apps, and Web and mobile apps. Click the SAMP application created earlier to view the settings.
    2. In the next page, copy the Service Provider ID from the address bar of the browser and save it into a notepad or text editor. This information will be used in configuring Cloud App Security SSO.
  10. After the SAML application has been created, enable the service to all users by performing the following:
    1. Go to Meu, then Apps, select Web and mobile app. Click the SAML application created earlier to view the settings.
    2. In the next page, expand the User Access section to view the access settings.
    3. Under Service Status, select ON for Everyone and click Save.

Configure your Cloud App Security SSO

  1. Login to the Cloud App Security web console. Go to Administration and select Single Sign-On.
  2. Configure the general settings for single sign-on using the following information.
    1. Select Enable SSO
    2. Select Okta in Identify Provider
    3. In the Service URP, input the value as
    4. In the Application Identifier, input the value of the Entity ID from step XXXX
    5. In the SAML Signing Certificate, input the value of the certificate from step XXXX
    6. Click Save.

Adding an Administrator user with Google Workspace user account to Cloud App Security.

  1. Login to Cloud App Security web console. Go to Administration and select Administrator and Role.
  2. Under Administrator, click Add. The Administrator screen appears.
  3. Enter the Google Workspace email address of a user to add as administrator in the Email Address field.
  4. (Optional) Select the Allow the administrator to switch among Cloud App Security tenants of your organization from the management console.
  5. Specify a username in the Name filed.
  6. Turn on "SSO to Console".
  7. Select a role for the user to be added.
  8. Click Save.

Testing the CAS SSO Configuration.

  1. Access the CAS web console depending on the service site. Refer to the table below.
    Serving SiteURL
    EUhttps://admin-eu.tmcas.trendmicro.com
    UKhttps://admin.tmcas.trendmicro.co.uk
    Japanhttps://admin.tmcas.trendmicro.co.jp
    UShttps://admin.tmcas.trendmicro.com  
    Australia and New Zealandhttps://admin-au.tmcas.trendmicro.com
    Canadahttps://admin-ca.tmcas.trendmicro.com  
    Singaporehttps://admin.tmcas.trendmicro.com.sg  
    Indiahttps://admin-in.tmcas.trendmicro.com  
  2. Enter the Google Workspace email address of the administrator previously added then press the tab key.
  3. The previous step should be redirected to the Google Account Sign-In page.
  4. Login using the Google Workspace email address of the administrator user previously added. This should log the user in to the Cloud App Security web console.
Note: Use the Inprivate browsing mode (for Microsoft Edge and Mozilla Firefox) or incognito mode (for Google Chrome) to test the SSO login accurately.
Keywords: google, google workspace, saml, identity provider