Skip to main content

Google Single Sign-On integration with SAML

Google offers a Single Sign-On service as part of its Cloud Identity product. The service provides single-click access to applications. For additional information, refer to the Google support documentation.

This document explains how to configure Google and Invicti Platform for Single Sign-On.

Configure Google Single Sign-On integration with SAML

  1. In Google Administrator console, select Apps > Web and mobile apps.
  2. From the Web and mobile apps page, select Add app > Add custom SAML app.
  3. On the Add custom SAML app page, enter a name for your app. (For this document, Invicti is used.)
  4. Click Continue.
  5. The IdP Information: SSO URL, Entity ID, and Certificate are needed in a later step.
  6. Click Continue.
  7. Open a new browser tab and from the Invicti's menu, select Settings > Security & access control > SSO & Provisioning.
  8. Turn on the Enable SSO toggle.
  9. Select Google from the SSO Provider drop-down list.
Select Google as SSO Provider in Invicti Platform.
  1. Copy the SAML 2.0 Service URL from Invicti and paste it into the ACS URL field in the Service provider details section.
  2. Copy the Identifier from Invicti and paste it into the Entity ID field in the Service provider details section.
Configure Service provider details with ACS URL and Entity ID

  1. Click Continue in the administrator console to open Attribute mapping.

  2. Click Add Mapping and configure the Attribute Mapping as follows:

    • Assign to the First name field the value user.firstName.
Configure Attribute Mapping for First name field
  1. Click Finish in your Google Admin console.
  2. In your Google Invicti settings page, change the User access to ON for everyone.
Enable User access to ON for everyone in Google settings
  1. Click DOWNLOAD METADATA to access the IdP information.
Configure assertions and certificate settings in Invicti
  1. Copy the Entity ID field and switch to Invicti browser tab to paste the URL into the IdP Identifier field.
  2. Switch to Google browser tab to copy the URL from the SSO URL field and paste it into the SAML 2.0 Endpoint field in Invicti.
  3. Switch to Google browser tab to copy the content from the X.509 Certificate field and paste it into the X.509 Certificate field in Invicti.
Download metadata and copy IdP information to Invicti.
  1. Select the checkboxes for signed assertions, encrypted assertions, or sign requests as needed.
  2. If you enable any assertions or requests, a new section appears where you can Generate a new certificate or upload an existing one.
  3. Use the SSO Exemptions drop-down to select users who can log in to Invicti via password.
SSO Exemptions field in Invicti Platform.
  1. Click Save to complete the integration.
  2. Open Google Invicti's setting page and click TEST SAML LOGIN to test the connection.
Test SAML login connection in Google Invicti settings

info

To learn more about the Single Sign-On fields, refer to the Single Sign-On configuration document.

Need help?

Invicti Support team is ready to provide you with technical help. Go to Help Center

Was this page useful?