Integrate Google G Suite (SAML)

Setting up G Suite

Prisma Cloud supports SAML integration with Google G Suite. To set up G Suite:
  1. Log into your G Suite admin console.
  2. Click on Apps.
  3. Click on SAML apps.
  4. Click the + button at the bottom to add a new app.
  5. Click SETUP MY OWN CUSTOM APP at the bottom of the dialog.
  6. Copy the SSO URL and Entity ID, and download the certificate. You will need these later for setting up the integration in Prisma Cloud Console. Click NEXT.
  7. Enter an Application Name, such as Prisma Cloud, then click NEXT.
  8. In the Service Provider Details dialog, enter the following details, then click NEXT.
    1. In ACS URL, enter: https://<CONSOLE_IPADDR | CONSOLE_HOSTNAME>:8083/api/v1/authenticate
    2. In Entity ID, enter: twistlock
    3. Enable Signed Response.
  9. Click FINISH, then OK.
  10. Turn the application on. Select either ON for everyone or ON for some organizations.

Setting up Prisma Cloud

To set up Prisma Cloud for G Suite integration:
  1. Log into Console, then go to Manage > Authentication > SAML.
  2. Set up the following parameters:
    1. Enable Integrate SAML users and groups with Prisma Cloud.
    2. In Identity provider, select G Suite.
    3. Paste the SSO URL, Entity ID, and certificate that you copied during the G Suite setup (Step 6) into the Identity Provider single sign-on URL, Identity provider issuer, and X.509 certificate fields.
    4. Set Audience to match the application Entity ID configured in G Suite. Entity ID was set to twistlock in the previous section.
    5. Click Save.
  3. Go to Manage > Authentication > Users, and click Add user.
  4. In the Username field, enter the G Suite email address of the user you want to add. Select a role, then click Save. Be sure Create user in local Prisma Cloud account database is Off.
  5. Log out of Console.
    You will be redirected to G Suite and you might need to enter your credentials. After that, you will be redirected back to Prisma Cloud and authenticated as that user.
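As an added example (not part of the Prisma Cloud documentation), the following Python script checks a SAML Response against the values configured above: Destination must equal the ACS URL, Issuer must equal the Identity provider issuer, the assertion's Audience must equal the Entity ID twistlock, and the response must carry a signature. The console hostname, the IdP issuer value and the sample response are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Standard SAML 2.0 / XML-DSig namespace URIs.
NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Values from the guide above. The hostname and the IdP issuer are constructed
# placeholders; use your own ACS URL and the Entity ID copied from G Suite.
EXPECTED = {"acs_url": "https://console.example.com:8083/api/v1/authenticate",
            "audience": "twistlock",
            "idp_issuer": "https://accounts.google.com/o/saml2?idpid=EXAMPLE"}

def check_saml_response(xml_text, expected):
    """Return a list of mismatches between a SAML Response and the expected
    configuration; an empty list means Destination, Issuer, Audience and the
    presence of a signature all line up. This is a configuration sanity check
    only; it does not verify the signature cryptographically."""
    root = ET.fromstring(xml_text)
    problems = []
    dest = root.get("Destination")
    if dest != expected["acs_url"]:
        problems.append(f"Destination {dest!r} != ACS URL {expected['acs_url']!r}")
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer != expected["idp_issuer"]:
        problems.append(f"Issuer {issuer!r} != Identity provider issuer {expected['idp_issuer']!r}")
    # Audience is compared exactly (case-sensitive), as SAML requires.
    audiences = [a.text for a in root.iterfind(".//saml:AudienceRestriction/saml:Audience", NS)]
    if expected["audience"] not in audiences:
        problems.append(f"Audience {audiences!r} does not include {expected['audience']!r}")
    if root.find("ds:Signature", NS) is None:
        problems.append("Response is not signed (enable Signed Response in G Suite)")
    return problems

# Constructed sample response, not a real capture; the signature body is a stand-in.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
  ID="_r1" Version="2.0" Destination="https://console.example.com:8083/api/v1/authenticate">
  <saml:Issuer>https://accounts.google.com/o/saml2?idpid=EXAMPLE</saml:Issuer>
  <ds:Signature><ds:SignatureValue>constructed</ds:SignatureValue></ds:Signature>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Conditions>
      <saml:AudienceRestriction><saml:Audience>twistlock</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    print(check_saml_response(SAMPLE_RESPONSE, EXPECTED) or "response matches configuration")
```

Paste a SAML Response captured from your own browser's developer tools in place of the sample to see which of the four fields disagrees with the Console configuration.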

Troubleshooting

If anything goes wrong during the setup process, you can always force Console to let you log in using the default admin account or any other 'local' user account.
Navigate to https://<CONSOLE_IPADDR | CONSOLE_HOSTNAME>:8083/#!/login, then enter the credentials for your admin account.
From this point, whenever you navigate to Prisma Cloud Console, you will be redirected to G Suite to authenticate.
