Configure Google as a SAML source
Task 1: Create a new application in Google
- Navigate to the Google Admin page: https://admin.google.com/ac/apps/unified
- Expand the Apps menu and select Web and mobile apps.
- Click Add App and select Add custom SAML app.
- Enter an App name (for example: InsightVM Console).
- Click Continue.
- In the Google ACS URL field, enter your InsightVM Security Console Assertion Consumer Service (ACS) URL (for example: https://<console-hostname>:<console-port>/saml/SSO).
- In the Google Entity ID field, enter your InsightVM Security Console Entity ID URL (for example: http://rapid7.com/nsc/console/…). If the ACS URL contains a hostname or fully-qualified domain name (FQDN), set a Base Entity URL in the InsightVM Security Console.
- In the Google Name ID Format field, select UNSPECIFIED.
- Under Name ID, select Basic Information > Primary Email.
- Click Continue.
- Return to Google’s Service Provider details page.
- Under Option 1: Download IdP metadata, click DOWNLOAD METADATA.
Task 2: Upload Google metadata to InsightVM
- Log in to the InsightVM Security Console.
- Go to Administration.
- Under Console > Authentication, select 2FA and SSO.
- Click CONFIGURE SAML SOURCE.
- Click Choose File and select the Google metadata XML file.
- Click Open.
- Save and restart the InsightVM Security Console service.
Task 3: Create users on the InsightVM console
- Log in to the InsightVM Security Console.
- Go to Administration > User Management > Add User.
- Fill out the required fields. Note that the email address is case sensitive and must match the existing identity provider user account email exactly.
- From the Authorization Method drop-down menu, select SAML.
- Select a User Role.
- Assign Site and Asset Group Permissions.
- Click Add.
You can now authenticate to your InsightVM Security Console by using either the InsightVM application tile in Google Identity Provider (IDP) or the Google IDP SSO URL.