Hybrid - SAML - Need Service Provider Entity ID/APP

Hi All,

I am following https://cloud.google.com/identity-platform/docs/web/saml to enable SAML in Hybrid.

Is there a sample available which can help me in creating an APP and using it for Service Provider Entity ID?

The above document focusses on

"Under Service provider, enter the Entity ID of your app. This is typically your app's URL. On your SAML identity provider, this is referred to as the audience."

I do not have an app at the moment. Please let me know if there is a way to create and use one.

Thanks.


Can you clarify... are you trying to enable SAML sign on for operators and admins, people who will administer the Apigee configuration?

If not that, then... can you describe what actors or systems will be the SAML SP, RP, and IdP?

Thanks Dino for your response.

The ask here is to integrate SAML with GCP login for all the company users.

At the moment, I want my company users to log in to GCP using SAML.

As we are currently using Google accounts and if a user leaves the company in the future, he/she should not have access to GCP.

"integrate SAML with GCP login for all the company users."

I see! OK, in that case, I will direct you to the Cloud Identity SSO setup instructions. That page links to more content that shows you how SSO works and how to set the IdP and SP sides up. Does this help?

If you are using Azure AD as the IdP, then there are some additional possibilities - "federating" between AAD and Google Identity. Be sure to check that out if it applies.

Be aware, the SSO arrangement described here will satisfy your needs if you are using Apigee hybrid, but ... the SSO relationship will apply to any Google Cloud product - compute, storage, and anything else. Conversely, any documentation you see on the cloud.google.com site that talks about setting up SSO also applies to Apigee hybrid.