Set Up SAML SSO for Prism Central with Google Workspace

I recently encountered a challenge when I was asked about connecting Prism Central to Google Workspace via SAML. My first thought was yes, absolutely, but how? After days of searching the Internet, I couldn’t find anything practical to help solve the problem, so I decided to figure it out myself.

Integrating Google Workspace SAML authentication with Prism Central enables seamless Single Sign-On (SSO), enhancing security and user experience by centralizing authentication. Instead of managing multiple credentials, users can log in with their Google Workspace accounts, reducing password fatigue and ensuring compliance with security policies such as 2FA and passkeys.

This guide walks you through setting up Google Workspace as the Identity Provider (IdP), configuring Identity and Access Management (IAM) in Prism Central, creating Authorization Policies, and testing the SAML login. By implementing SAML SSO, you enhance security, simplify user management, and streamline access control across your organization.

Three Key Steps to Set Up SAML SSO:

  1. Add a Custom SAML App to Google Workspace
  2. Configure Identity and Access Management (IAM) in Prism Central
  3. Set Up Authorization Policies and Manage Access

Following these steps ensures a smooth and secure authentication experience for your users.

Add a Custom SAML App to Google Workspace

Step 1: Log in to Google Admin Portal

  1. Navigate to Google Admin Portal.
  2. Go to Apps > Web and Mobile Apps.
  3. Click Add App > Add Custom SAML App.

Step 2: Configure the SAML App

  1. App Details
    • Enter a name for the app.
    • Click Continue.
  2. Google Identity Provider (IdP) Details
    • Under Option 1: Download IdP metadata, click Download Metadata, and save the file (you’ll need this later).
    • Click Continue.
  3. Service Provider Details
    • Enter the ACS URL and Entity ID for your Prism Central.
      • ACS URL: https://<PC IP or FQDN>:9440/api/iam/authn
      • Entity ID: http://<PC IP or FQDN>:9440/metadata/
    • The Start URL is optional, but if you want one, enter the ACS URL.
    • Click Continue.
  4. Attribute Mapping
    • Map the following Google Directory Attributes to App Attributes:
      • First name → FirstName
      • Last name → LastName
      • Primary email → Username
    • Click Finish.

Step 3: Enable User Access

  1. Go to Apps > Web and Mobile Apps.
  2. Click on the app you want to enable.
  3. Open User Access.
  4. Set Service Status to On for Everyone.
  5. Click Save.

Configure Identity and Access Management (IAM) in Prism Central

Step 1: Log in to Prism Central

  1. From the Application Switcher, go to Admin Center > IAM > IdP Configuration.
  2. Click Add Identity Provider > SAML Identity Provider.

Step 2: Configure Identity Provider

  1. Enter Configuration Name – This will be the name displayed on the Prism login page.
  2. Set Username Attribute to email.
  3. Set Email Attribute to email.
  4. Import Metadata – Upload the metadata file you downloaded earlier.
  5. Click Save.

Identity and Access Management and Authorization Policies

Step 1: Create an Authorization Policy

  1. From the Application Switcher, go to Admin Center > IAM > Authorization Policies.
  2. Click Create Authorization Policy.
  3. Choose Role: Select Super Admin, then click Next.

Step 2: Define Scope

  1. Select Full Access: All entity types & instances.
  2. Click Next.

Step 3: Assign Users

  1. Change Local User to the SAML user you set up earlier.
  2. Type the email address and select the user.
  3. Click Save.

Test SAML Login

Step 1: Attempt Login

  1. Log out of Prism Central.
  2. Open a browser and go to the URL you entered in the Service Provider Details step, for example:
    • https://<PC IP or FQDN>:9440
  3. You should see a “Login with …” option.

Step 2: Authenticate with Google

  1. Click “Login with …”, and you should be redirected to your Google login page.
  2. If you have 2FA or Passkey authentication set up, you must enter it to proceed.
  3. Once authenticated, confirm that you are logged into Prism Central via SAML SSO by clicking on your name in the upper right corner and selecting Update Profile.
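
If the login fails, the SAMLResponse form field that the browser posts to the ACS URL can be compared with the Service Provider Details and Attribute Mapping entered earlier. The following is an added example, not part of the original guide: `pc.example.test`, `sp_urls`, `check_saml_response` and `build_sample` are hypothetical names, and the sample response is constructed and unsigned.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EXPECTED_ATTRS = {"FirstName", "LastName", "Username"}  # App Attributes mapped in Google

def sp_urls(pc_host):
    """ACS URL and Entity ID in the form entered under Service Provider Details."""
    return (f"https://{pc_host}:9440/api/iam/authn",
            f"http://{pc_host}:9440/metadata/")

def check_saml_response(b64_response, pc_host):
    """List mismatches between a captured SAMLResponse and the SP settings.
    Configuration troubleshooting only: signatures and validity times are not checked."""
    acs_url, entity_id = sp_urls(pc_host)
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    if root.get("Destination") != acs_url:
        problems.append(f"Destination {root.get('Destination')!r} is not the ACS URL")
    audiences = {(a.text or "").strip() for a in root.iterfind(".//saml:Audience", NS)}
    if entity_id not in audiences:
        problems.append(f"Entity ID not in Audience: {sorted(audiences)}")
    names = {a.get("Name") for a in root.iterfind(".//saml:Attribute", NS)}
    missing = EXPECTED_ATTRS - names
    if missing:
        problems.append(f"missing attributes: {sorted(missing)}")
    return problems

def build_sample(destination, audience, attrs):
    """Constructed, unsigned response used only to exercise the checker."""
    rows = "".join(f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}'
                   f'</saml:AttributeValue></saml:Attribute>' for n, v in attrs.items())
    xml = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
           f'Destination="{destination}"><saml:Assertion><saml:Conditions>'
           f'<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>'
           f'</saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement>'
           f'{rows}</saml:AttributeStatement></saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    acs, eid = sp_urls("pc.example.test")
    sample = build_sample(acs, eid, {"FirstName": "Ada", "LastName": "Lovelace",
                                     "Email": "ada@example.test"})
    print(check_saml_response(sample, "pc.example.test"))
```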

Summary

By following this guide, you have successfully set up SAML-based SSO for Prism Central using Google Workspace. This integration enhances security by enabling centralized authentication, eliminating the need to manage multiple user credentials.

You also created authorization policies to define user access and tested the SAML login to ensure a seamless authentication experience.

With SAML SSO now configured, users can securely log in to Prism Central using their Google Workspace credentials, benefiting from streamlined access control and improved security.


What’s Next?

Try setting up SAML SSO in your environment and let us know how it works for you! If you have any questions, feedback, or run into any challenges, drop a comment below—we’d love to hear from you!