Hi good morning,
I have two PSA5000 in an Active/Passive cluster.
Now I would like to configure access to the SSL VPN by GSUITE users and not local users.
I searched the documentation, but I can't configure it.
I did these steps
1) On Pulse
In System -> SAML -> Setting test.mydomain.com
2) On GSUITE
Create in App Settings SAML server with this config:
ACS URL = https://test.mydomain.com/dana/home/index.cgi (my login page of sslvpn)
Entity ID = https://test.mydomain.com/dana-na/auth/saml-endpoint.cgi?p=sp1 (see in Auth Servers > GSUITE_SAML > Settings Connect Secure Entity Id)
Attribute Mapping:
Email - Basic Information - Primary Email
FirstName - Basic Information - First Name
LastName - Basic Information - Last Name
3) On Pulse
Auth Servers > GSUITE_SAML > Settings
SAML Version: 2.0
Connect Secure Entity Id: https://test.mydomain.com/dana-na/auth/saml-endpoint.cgi?p=sp1
Configuration Mode: Manual Manual
Identity Provider Entity Id: https://accounts.google.com/o/saml2?idpid=xxxxxxxxx
Identity Provider Single Sign On Service URL: https://accounts.google.com/o/saml2/idp?idpid=xxxxxxxxx
4) On Pulse
In Sign-in Policy, set users to use the GSUITE_SAML server created before.
When I try to connect to https://test.mydomain.com I see the GSUITE authentication, insert email and password, and after that the system doesn't redirect to the SSL VPN home page.
Could you help me please?
Thanks.
Marco
Hi, thanks to all for the support, I solved.
I changed this in the ACS URL GSUITE configuration:
Auth server > SAML server > Service Provider Metadata Settings > Download Metadata.
Open the metadata, copy the AssertionConsumerService URL, and in the IdP [GSUITE] change the ACS URL.
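The fix above comes down to one check: the ACS URL registered at the IdP must be exactly the AssertionConsumerService Location that the SP (the VPN appliance) publishes in its own metadata, and the Entity ID must match too. As an added example, not code from the original thread or from Pulse/Google, here is a small script that parses SP metadata and reports those mismatches. The metadata snippet is constructed in the standard SAML 2.0 metadata shape; the ACS path in it is a placeholder, not the appliance's real path, so take the Location from your downloaded metadata when you run it for real.

```python
import xml.etree.ElementTree as ET

# SAML 2.0 metadata namespace used by EntityDescriptor / SPSSODescriptor.
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample of SP metadata. The entityID matches the thread; the
# AssertionConsumerService Location is a PLACEHOLDER, not a real appliance path.
SAMPLE_SP_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://test.mydomain.com/dana-na/auth/saml-endpoint.cgi?p=sp1">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://test.mydomain.com/PLACEHOLDER-acs-path"
        index="0" isDefault="true"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def parse_sp_metadata(xml_text):
    """Return the SP entityID and every AssertionConsumerService it publishes."""
    root = ET.fromstring(xml_text)
    acs_list = []
    for el in root.findall(".//md:SPSSODescriptor/md:AssertionConsumerService", NS):
        acs_list.append({
            "binding": el.get("Binding"),
            "location": el.get("Location"),
            "index": el.get("index"),
            "default": el.get("isDefault") == "true",
        })
    return {"entity_id": root.get("entityID"), "acs": acs_list}


def check_idp_config(sp_meta, idp_acs_url, idp_entity_id):
    """Compare what the IdP is configured with against what the SP publishes.

    Returns a list of human-readable problems; an empty list means the two
    sides agree, which is the state the thread's solution reaches.
    """
    problems = []
    if idp_entity_id != sp_meta["entity_id"]:
        problems.append(
            f"Entity ID mismatch: IdP has {idp_entity_id!r}, "
            f"SP metadata says {sp_meta['entity_id']!r}")
    published = {a["location"] for a in sp_meta["acs"]}
    if idp_acs_url not in published:
        problems.append(
            f"ACS URL mismatch: IdP posts to {idp_acs_url!r}, "
            f"but SP metadata only accepts {sorted(published)}")
    return problems


if __name__ == "__main__":
    meta = parse_sp_metadata(SAMPLE_SP_METADATA)
    # The original (wrong) IdP setting from the thread: the VPN login page.
    wrong = check_idp_config(
        meta,
        "https://test.mydomain.com/dana/home/index.cgi",
        "https://test.mydomain.com/dana-na/auth/saml-endpoint.cgi?p=sp1")
    # The corrected setting: the Location copied from the SP metadata.
    right = check_idp_config(
        meta, meta["acs"][0]["location"], meta["entity_id"])
    for p in wrong:
        print("BEFORE:", p)
    print("AFTER:", "no problems" if not right else right)
```

Running it prints the ACS mismatch for the login-page URL and "no problems" once the IdP uses the published Location, which is exactly the change that resolved the thread. The same check is worth keeping around as a sanity step whenever either side's metadata is regenerated.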
Hi Marco,
It seems that you have configured the ACS URL incorrectly on the GSuite (IDP) side.
Please try replacing the https://test.mydomain.com/dana/home/index.cgi URL with https://test.mydomain.com/ if you have mapped the SAML realm to */ sign-in URL on the VPN server.
Thanks,
Ray.
Hi Ray,
thank you so much for your reply.
I changed the ACS URL, but I don't understand where I can see how I mapped the SAML realm to the */ sign-in URL on the VPN server.
Is it in Authentication -> Signing In > Sign-in Policies
Thanks
Marco
Yes. You're right. 😊
It's under Authentication -> Signing In > Sign-in Policies >> User URLs. Check to which sign-in URL you have mapped the SAML realm. If it's under */ URL, then you can update the ACS URL as https://test.mydomain.com/. If not, please add the exact URL string (*/<string>) as ACS URL.
Hi,
I have */ and I changed it in the GSuite configuration, but I can't resolve it.
Thanks
Marco
What is the error message you're receiving after providing the credentials?
Is it something like "Invalid Sign-in URL"?
Hi Marco,
Is it possible to configure GSuite on a separate Sign-In URL such as say */gsuite and try again?
Hi,
thanks for the reply.
I have configured it, but it didn't work.
Please, what are all the steps (in order) to configure SAML with GSUITE correctly?
E.g.
1) set the SAML server in Configuration -> SAML -> Setting
2) New metadata provider in Configuration -> SAML
etc...
Thanks