Google Workspace SAML Configuration

Use this guide to create a new SAML integration with Google Workspace for user authentication.

Requirements

  • Super Administrator access to the Google Workspace Admin console to create a new custom SAML app.
  • Administrator or Configuration Manager access to the 12Port Horizon tenant to create this configuration.
  • 12Port does not read accounts from the internal Google Workspace user directory. Google users must either originate from a directory source that is synced with Google and integrated with 12Port (such as Active Directory with UPN configured), or have an accompanying Local User in the 12Port tenant whose login name is identical to the user's email address (for example, bwilliams@contoso.com).

Google Workspace Configuration

The first step is to create a custom Application in the Google Workspace Admin console that is used for single sign-on user authentication.

  1. Log in to your Google Workspace Admin console with a Super Administrator account.
  2. In the Menu, go to Apps > Web and mobile apps.
  3. Click Add app > Add custom SAML app.
  4. On the first page, enter a Name for this new app and optionally, a Description and App icon. Click Continue.
  5. On the next page, under Option 1: Download IdP metadata, click the DOWNLOAD METADATA button. Save this downloaded .xml file as it will be required in the next section.
  6. Click Continue.
  7. On the next page Service provider details, enter the following values:
    • ACS URL: Enter your full 12Port Tenant URL, with port, followed by /auth/login. For example: https://12port-contoso.com:443/ztna/Production/root/auth/login
    • Entity ID: Enter your full 12Port Tenant URL with port. For example: https://12port-contoso.com:443/ztna/Production/root
    • Start URL: Enter your full 12Port Tenant URL with port. For example: https://12port-contoso.com:443/ztna/Production/root
    • Name ID section:
      • Name ID Format: UNSPECIFIED
      • Name ID: Basic Information > Primary Email
  8. Click Continue.
  9. Next, on the Attribute page, no changes are required. Click Finish.
  10. Finally, on the SAML app home page, open the User access page.
  11. To turn the service on for everyone in your organization, click On for everyone, and then click Save.

12Port Tenant Configuration

The next step is to configure this Google Workspace custom SAML app in your 12Port Tenant.

  1. Log in to the 12Port Tenant with an Administrator or Configuration Manager account.
  2. Navigate to Integration > SAML and click the Add button.
  3. Click on the parameter name for details about each or follow the guidance provided here:
    • Name: Enter a unique and recognizable name for this integration. This name will appear on the Login button for SAML authentication on the 12Port Login page for this tenant. For example, Google Workspace.
    • IdP Metadata: Open the downloaded xml file from the previous section in a text editor and copy and paste the entire file content into this field.
    • Backend Directory: Select the backend directory where the user with an identical Google login is located. For example, if the Google users are synced from Active Directory, and this Active Directory is integrated with 12Port, select this directory from the dropdown menu. If identical matching users are going to be created locally in this 12Port tenant, select the Local option.
    • Provide Your Key Pair: Leave this option disabled to have 12Port import the key pair from Google. If you have a Public/Private Key pair, enable this option and provide them in the respective Public Key, Private Key and Private Key Password parameters.
    • Enabled: Click this switch to enable this integration. Enabled SAML integrations will appear as separate login buttons on the 12Port Tenant login page.
  4. Click the Save button to complete this operation.
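
A pre-flight check for the values used in the two procedures above, given as an added example (it is not 12Port or Google code). The function names sp_values and check_idp_metadata are hypothetical, and the sample metadata is constructed with placeholder values; the script derives the ACS URL, Entity ID and Start URL from the tenant URL and confirms that the downloaded file is IdP metadata with an https sign-on endpoint and a signing certificate before it is pasted into the IdP Metadata field.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"

def sp_values(tenant_url):
    """Derive the three Service provider values from the full tenant URL."""
    u = urlsplit(tenant_url)
    if u.scheme != "https":
        raise ValueError("tenant URL must use https")
    if u.port is None:
        raise ValueError("tenant URL must include the port, e.g. :443")
    base = tenant_url.rstrip("/")
    return {"ACS URL": base + "/auth/login", "Entity ID": base, "Start URL": base}

def check_idp_metadata(xml_text):
    """Return entityID, SSO endpoints and signing-cert count, or raise ValueError."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("metadata must not contain a DTD")
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor" or not root.get("entityID"):
        raise ValueError("not a SAML EntityDescriptor with an entityID")
    idp = root.find(f"{{{MD}}}IDPSSODescriptor")
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    sso = [s.get("Location") for s in idp.findall(f"{{{MD}}}SingleSignOnService")]
    if not sso or any(not (loc or "").startswith("https://") for loc in sso):
        raise ValueError("SingleSignOnService endpoints missing or not https")
    certs = [c for c in idp.iter(f"{{{DS}}}X509Certificate") if (c.text or "").strip()]
    if not certs:
        raise ValueError("no signing certificate in metadata")
    return {"entityID": root.get("entityID"), "sso": sso, "certs": len(certs)}

# Constructed sample shaped like IdP metadata; every value is a placeholder.
SAMPLE = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.test/saml?idpid=PLACEHOLDER">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data><ds:X509Certificate>PLACEHOLDER</ds:X509Certificate></ds:X509Data>
      </ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

print(sp_values("https://12port-contoso.com:443/ztna/Production/root"), check_idp_metadata(SAMPLE))
```

To check a real download, read the .xml file as text and pass its content to check_idp_metadata in place of SAMPLE.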

Verify your Google SAML Integration

Return to the Configuration > SAML page, open the Actions menu for this integration, and select the Test Connection button to verify a successful integration. When prompted, authenticate using an account that was given User access in the Google SAML app and has permission to this 12Port tenant. Once authentication succeeds, you should be redirected into this tenant, confirming the integration is complete.

Additionally, you may open a new private browser window and navigate to the tenant's login page. On the page, you will see a blue button below the user form with the label "Login with <Name>". When you click this SAML login button, you will be redirected to Google, where you can authenticate with your credentials. Upon successful validation, you will be redirected into this tenant.

Login with Google Workspace SAML

Note

If you experience any error messages during this authentication flow, please review your Google custom SAML app configuration for resolution methods.