diff --git a/docs/deployment/sso.md b/docs/deployment/sso.md index 5ee2ea8c6..6ba888fb2 100644 --- a/docs/deployment/sso.md +++ b/docs/deployment/sso.md @@ -61,12 +61,14 @@ SAML2.0 is configured through **Semgrep AppSec Platform**. To set up SSO: ![Finding Single sign on URL, and Audience URI via Semgrep AppSec Platform](/img/saml-copy-urls.png#md-width) 3. From your authentication provider, copy your **IdP SSO URL** and **IdP Issuer ID** values, and download the **X509 Certificate**. ![Finding IdP SSO URL, IdP Issuer ID, and X509 Certificate through Okta](/img/saml-copy-IdPSSO-IdPID-and-X509.png#md-width) -4. Return to Semgrep AppSect Platform, and paste the **IdP SSO URL** and **IdP Issuer ID** values, and upload your **X509 Certificate**. +4. Return to Semgrep AppSec Platform, and paste the **IdP SSO URL** and **IdP Issuer ID** values, and upload your **X509 Certificate**. ![Filling in IdP SSO URL, IdP Issuer ID, and X509 Certificate on Semgrep](/img/saml-filling-IdpSSO-IdpID-X509.png#md-width) 5. Select the box next to **This SSO supports non-password authentication mechanisms (e.g. MFA, X509, PasswordLessPhoneSignin)** if applicable. 6. Click **Save** to proceed. -If you encounter issues during the setup process, reach out to [support@semgrep.com](mailto:support@semgrep.com) for assistance. +If you are using Google Workspace SAML, see [SAML Single Sign-on with Google Workspace](/docs/kb/semgrep-appsec-platform/saml-google-workspace) for more specific guidance. + +If you encounter issues during the setup process, [reach out to support](/docs/support) for assistance. ### Set up SAML SSO with Microsoft Entra ID diff --git a/docs/kb/semgrep-appsec-platform/saml-google-workspace.md b/docs/kb/semgrep-appsec-platform/saml-google-workspace.md new file mode 100644 index 000000000..b65e08522 --- /dev/null +++ b/docs/kb/semgrep-appsec-platform/saml-google-workspace.md 
@@ -0,0 +1,26 @@ +--- +description: Learn how to set up SAML access to Semgrep AppSec Platform with Google Workspace. +tags: + - Semgrep AppSec Platform + - SSO +--- + +# SAML Single Sign-on with Google Workspace + +This article describes how to set up SAML Single Sign-on for Semgrep AppSec Platform with Google Workspace, including how to set up the necessary attribute mappings. + +Follow these steps: + +1. [Set up a custom SAML app](https://support.google.com/a/answer/6087519?hl=en#zippy=%2Cstep-add-the-custom-saml-app) in Google Workspace. The default **Name ID** is the primary email, and this value is optimal for use with Semgrep AppSec Platform. +2. When you reach the **Add mapping** step of the instructions to set up a custom SAML app, add the two attribute statements that Semgrep AppSec Platform requires: `name` and `email`. + * The attribute mapped to `email` should be the primary email. + * The attribute mapped to `name` should be some form of the user's name. You can use a default attribute like the user's first name, or create a custom attribute for their full name. + ![Attribute mappings](/img/kb/google_attributes.png) +3. Sign in to Semgrep AppSec Platform. +4. Navigate to **[Settings > Access > Login methods](https://semgrep.dev/orgs/-/settings/access/loginMethods)**. +5. Click **Add SSO configuration** and select **SAML2 SSO**. +6. Provide a **Display name** and your **Email domain**. +7. Copy the **SSO URL** and **Audience URL (SP Entity ID)**, and provide them to Google Workspace as the **ACS URL** and **Entity ID**, respectively. +8. Copy your IDP metadata, including the SSO URL and Entity ID and the x509 certificate, from the custom SAML app in Google Workspace. +9. Enter these in Semgrep AppSec Platform as the **IdP SSO URL** and **IdP Issuer ID** values respectively, and upload or paste the X509 Certificate. +10. Click **Save** to proceed. 
diff --git a/static/img/kb/google_attributes.png b/static/img/kb/google_attributes.png new file mode 100644 index 000000000..a2d401456 Binary files /dev/null and b/static/img/kb/google_attributes.png differ
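Review bot: In docs/deployment/sso.md, the new Google Workspace pointer sits after step 6 (**Save**), so a reader working through the generic SAML steps only reaches it once the configuration is already saved. Consider moving the sentence above the numbered steps, or next to step 3 where the IdP values are copied. In the same hunk, the corrected step 4 still reads "paste the ... values, and upload"; "paste the **IdP SSO URL** and **IdP Issuer ID** values, then upload your **X509 Certificate**" would read more cleanly.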
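Review bot: In the new docs/kb/semgrep-appsec-platform/saml-google-workspace.md, steps 8 and 9 leave the field mapping to the reader: step 8 lists three items ("the SSO URL and Entity ID and the x509 certificate") while step 9 says "Enter these ... respectively" for only two fields. Spell out that the Google Workspace SSO URL goes into **IdP SSO URL** and the Google Workspace Entity ID into **IdP Issuer ID**, which also keeps them distinct from the Semgrep-side **SSO URL** and **Audience URL (SP Entity ID)** in step 7 that carry near-identical names. Also align the spelling within the file and with sso.md: "IdP" rather than "IDP", "X509" rather than "x509", and check step 7's "Audience URL" against the "Audience URI" used in the sso.md image caption.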