Configure Google as a SAML source

Task 1: Create a new application in Google

  1. Navigate to the Google Admin page: https://admin.google.com/ac/apps/unified
  2. Expand the Apps menu and select Web and mobile apps.
  3. Click Add App and select Add custom SAML app.
  4. Enter an App name (for example: InsightVM Console).
  5. Click Continue.
  6. In the Google ACS URL field, enter your InsightVM Security Console Assertion Consumer Service (ACS) URL (for example: https://<console-hostname>:<console-port>/saml/SSO).
  7. In the Google Entity ID field, enter your InsightVM Security Console Entity ID URL (for example: http://rapid7.com/nsc/console/…). If the ACS URL contains a hostname or fully-qualifed domain name (FQDN), set a Base Entity URL in the InsightVM Security Console.
  8. In the Google Name ID Format field, select UNSPECIFIED.
  9. Under Name ID, select Basic Information > Primary Email.
  10. Click Continue.
  11. Return to Google’s Service Provider details page.
  12. Under Option 1: Download IdP metadata, click DOWNLOAD METADATA.

Task 2: Upload Google metadata to InsightVM

  1. Log in to the InsightVM Security Console.
  2. Go to Administration.
  3. Under Console > Authentication, select 2FA and SSO.
  4. Click CONFIGURE SAML SOURCE.
  5. Click Choose File and select the Google metadata XML file.
  6. Click Open.
  7. Save and restart the InsightVM Security Console service.

Task 3: Create users on the InsightVM console

  1. Log in to the InsightVM Security Console.
  2. Go to Administration > User Management > Add User.
  3. Fill out the required fields. Note that email address is case sensitive and must match the existing identity provider user account email exactly.
  4. From the Authorization Method drop-down menu, select SAML.
  5. Select a User Role.
  6. Assign Site and Asset Group Permissions.
  7. Click Add.

Now, you can use the InsightVM application tile in Google Identity Provider (IDP) or using the Google IDP SSO URL to authenticate in to your InsightVM Security Console.