Contact Support


Configuring Google Single Sign-On Integration with SAML

Google offers a Single sign-on service as part of their Cloud Identity product, a unified identity platform for IAM (Identity and Access Management) and EMM (Enterprise Mobility Management). Google SSO provides single-click access to thousands of on-premises and in the cloud pre-integrated applications.

Using Security Assertion Markup Language (SAML), a user can use their managed account credentials to sign in to enterprise cloud applications via Single Sign-On (SSO). An Identity Provider (IdP) service provides administrators with a single place to manage all users and cloud applications. You don't have to manage individual user IDs and passwords tied to individual cloud applications for each of your users. An IdP service provides your users with a unified sign-on across all their enterprise cloud applications.

Single Sign-On Fields

This table lists and explains the Single Sign-On fields in the Configure Single Sign-On window.

Field Description
Enable Select this option to enable the single sign-on feature.
Enforce to authenticate only with single sign-on Enable this option so only administrator users can authenticate without single sign-on. Users can only sign in to Netsparker Enterprise by using the email address that belongs to their employer.
IdP Identifier This is the SAML identity provider’s Identifier value.
SAML 2.0 Service URL This is the Consumer URL value (also called the SSO Endpoint or Recipient URL).
SAML 2.0 Endpoint This is the URL from your IdP's SSO Endpoint field.
X.509 Certificate This is the X.509 certificate value.
Enable Auto Provisioning

Enable this option so that an account will be automatically created for IdP registered users when they first access Netsparker Enterprise.

If you enable this option for user creation in Netsparker Enterprise, you must complete the FirstName, LastName and Phone Number (optional) fields in the Attribute Statements on the IdP side.

This means a new team member can log in to Netsparker Enterprise with no user permissions, such as Start Scan. They can add permissions after this.

Require SAML assertions to be encrypted

Enable this option to prevent third parties from reading private data in transit from assertions.

There are two options:

  • Generate a new certificate for me: Netsparker generates a key pair. Netsparker will keep a private key to decrypt received SAML messages and provide you with a certificate so that you can upload it on the IdP side.
  • I have an existing certificate: You need to upload your certificate to Netsparker by importing a decryption certificate from your files.

How to Configure Google Single Sign-On Integration with SAML

  1. Log in to your Google account and navigate to the Admin console.
  2. Click Apps.
  3. Click SAML. The SAML Apps settings window is displayed.
  4. Click Add a service/App to your domain. The Enable SSO for SAML Application window is displayed.

  1. Click SETUP MY OWN CUSTOM APP. The Google IdP Information window is displayed.

  1. Take a note of the IdP Information: SSO URL, Entity ID and Certificate. (You will need them in a later step.)
  2. In IDP metadata, click DOWNLOAD.
  3. Click NEXT. The Basic information for your Custom App window is displayed.

  1. Enter an Application Name and click NEXT. The Service Provider Details window is displayed.

  1. In the ACS URL field, copy and paste in the contents of the SAML 2.0 Service URL field from Netsparker Enterprise's Single Sign-On window.
  2. In the Entity ID field, copy and paste in the contents of the Identifier field (URL) from Netsparker SSO configuration window.
  3. Click NEXT. The Attribute Mapping window is displayed.

  1. Click FINISH.
  2. Return to the SAML Settings window.
  3. Click the ellipsis () for More Options, then select ON for everyone.
  4. In the IdP Information note panel:
    • Copy the URL from the Entity ID field.
    • Then log in to Netsparker Enterprise, and from the main menu, click Settings, then Single Sign-On. Select the Google tab, and paste the URL into the Idp Identifier field.
    • Next, copy the URL from the SSO URL field.
    • Then in Netsparker Enterprise's Single Sign-On window, paste the URL into the SAML 2.0 Endpoint field.
    • Finally, copy the content from the downloaded X.509 Certificate field.
    • Then in Netsparker Enterprise's Single Sign-On window, paste it into the X.509 Certificate field.

  1. Check Enable Auto Provisioning and Require SAML assertions to be encrypted as required.
  2. In Netsparker Enterprise's Single Sign-On window, click Save Changes.

Highly accurate, fast & easy-to-use Web Application Security Scanner