Anil_Solakoglu
Article Id 274582
Description: This article describes how to create a configuration for SAML verification on EMS and Google Workspace.
Scope: EMS, FortiClient, Google Workspace
Solution
  1. To create a custom SAML application, log in to Google Workspace with the appropriate administration account and, on the left pane, select Application -> Web Applications and mobile applications.

  2. A name should be assigned for the Google Custom SAML application.

  3. This step provides the IdP configuration details needed for the EMS configuration:

EMS side -> Google side

SSO URL (Google) = IdP single sign-on URL (EMS)

Asset ID (Google) = IdP Entity ID (EMS)

Certificate (Google) = Identity Provider settings certificate -> should be downloaded and attached to the EMS SAML configuration.

  4. Add the required fields from the previous step to the EMS SAML configuration.

Go to EMS -> User Management -> SAML Configuration:

  • The SP Address in the configuration should be a publicly accessible FQDN for EMS.

  5. In the Google custom SAML application, in the third step of its setup:

ACS URL (Google) = SP ACS (login) URL (EMS)

Asset ID (Google) = SP Entity ID (EMS)

  6. On Google Workspace, the remaining configuration of the custom SAML app is optional.

Once the application is created, it is necessary to allow access for the users who will use the custom application.

Note:

Application rights can be narrowed via groups.

  7. An EMS invitation code should be created for user verification on FortiClients.

  8. Once the created invitation code is applied on FortiClient, it will prompt for the Google authentication page.

  9. It is necessary to type a valid e-mail address that exists on Google Workspace.

  10. After a successful login, there will be a prompt to open the link; select it.

  11. After a successful connection is made to EMS, end user verification details should be shown with a valid Google Workspace e-mail under EMS -> User Management -> Verified Users.

  12. Go to EMS -> Endpoints -> All endpoints.
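
The two value exchanges above (Google IdP details into EMS, EMS SP details into Google) are where most SAML setups go wrong, so the following added example, which is not part of the original article or any Fortinet tooling, reads the values from an IdP metadata file and checks the pairing before they are pasted. It assumes the IdP metadata XML is exported alongside the certificate and that the SP ACS URL is served from the SP Address; the idpid, certificate bytes, and EMS URLs are constructed placeholders.

```python
import base64, hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample shaped like SAML 2.0 IdP metadata; not real values.
SAMPLE_CERT_B64 = base64.b64encode(b"constructed-not-a-real-certificate").decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://accounts.google.com/o/saml2?idpid=CONSTRUCTED">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data>
        <ds:X509Certificate>{SAMPLE_CERT_B64}</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://accounts.google.com/o/saml2/idp?idpid=CONSTRUCTED"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def ems_idp_fields(metadata_xml):
    """Map IdP metadata to the EMS field names used in this article."""
    root = ET.fromstring(metadata_xml)
    sso = root.find(".//md:SingleSignOnService", NS).get("Location")
    cert = "".join(root.find(".//ds:X509Certificate", NS).text.split())
    # The fingerprint lets you confirm the uploaded certificate is the same one.
    return {"IdP Entity ID": root.get("entityID"),
            "IdP single sign-on URL": sso,
            "Certificate SHA-256": hashlib.sha256(base64.b64decode(cert)).hexdigest()}

def check_pairing(idp, sp_address, sp_acs_url, sp_entity_id):
    """Return a list of problems with the values exchanged in both directions."""
    problems = []
    if urlsplit(idp["IdP single sign-on URL"]).scheme != "https":
        problems.append("IdP single sign-on URL is not HTTPS")
    acs = urlsplit(sp_acs_url)
    if acs.scheme != "https":
        problems.append("SP ACS (login) URL is not HTTPS")
    # Assumption: the ACS URL is hosted on the SP Address FQDN.
    if (acs.hostname or "").lower() != sp_address.lower():
        problems.append("SP ACS (login) URL host differs from SP Address")
    if sp_entity_id == idp["IdP Entity ID"]:
        problems.append("SP Entity ID and IdP Entity ID are the same value")
    return problems

if __name__ == "__main__":
    idp = ems_idp_fields(SAMPLE_METADATA)
    print(idp, check_pairing(idp, "ems.example.com",
          "https://ems.example.com/constructed/acs", "constructed-sp-entity-id"))
```

An empty list from `check_pairing` means the values are consistent with each other; it does not prove the SP Address is reachable from the internet.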