SAML SSO with Google Workspace

Documentation Index

Fetch the complete documentation index at: https://docs.semgrep.dev/llms.txt

Use this file to discover all available pages before exploring further.

• Guided setup (beta)
• Legacy manual configuration

This article describes how to set up SAML Single Sign-on for Semgrep AppSec Platform with Google Workspace, including how to set up the necessary attribute mappings.Ensure that you are an admin for both your Semgrep deployment and your Google Workspace account.

​

Google Workspace configuration

1

Set up a custom SAML app in Google Workspace. The default Name ID is the primary email, and this value is optimal for use with Semgrep AppSec Platform.

2

When you reach the Add mapping step of the instructions to set up a custom SAML app, add the attribute statements that Semgrep AppSec Platform requires:

Name	Value
id	user.login or user.email
email	user.email
firstName	user.firstName
lastName	user.lastName

​

Semgrep configuration

1

Sign in to Semgrep AppSec Platform.

2

Go to Settings > Access > Login methods.

3

In the Single sign-on (SSO) section, provide a valid Email domain, then click Initialize.

4

The Configure Single Sign-On dialog appears to guide you through the remaining configuration steps. Begin by selecting Custom SAML.

5

Follow the instructions provided on the subsequent Configure Single Sign-On dialog pages to complete this process. When you’ve completed the required steps, use Test sign-in to test the connection.

6

Once test sign-in has passed, close the test page. Verify that the Connection details shown on the Connection activated screen are correct and close the dialog.

7

Verify that the Connection status is now active under the Single sign-on (SSO) section in Semgrep AppSec Platform.

8

To use the new connection, log out of Semgrep, then log back in using SSO.

Follow these steps:

1

Set up a custom SAML app in Google Workspace. The default Name ID is the primary email, and this value is optimal for use with Semgrep AppSec Platform.

2

When you reach the Add mapping step of the instructions to set up a custom SAML app, add the two attribute statements that Semgrep AppSec Platform requires: name and email.

• The attribute mapped to email should be the primary email.
• The attribute mapped to name should be some form of the user’s name. You can use a default attribute like the user’s first name, or create a custom attribute for their full name.

3

Sign in to Semgrep AppSec Platform.

4

Navigate to Settings > Access > Login methods.

5

Click Add SSO configuration and select SAML2 SSO.

6

Provide a Display name and your Email domain.

7

Copy the SSO URL and Audience URL (SP Entity ID), and provide them to Google Workspace as the ACS URL and Entity ID, respectively.

8

Copy your IDP metadata, including the SSO URL and Entity ID and the x509 certificate, from the custom SAML app in Google Workspace.

9

Enter these in Semgrep AppSec Platform as the IdP SSO URL and IdP Issuer ID values respectively, and upload or paste the X509 Certificate.

10

Click Save to proceed.