Avi Vantage Integration with Google
An Avi virtual service’s ability to act as a service provider (SP) is central to Avi Vantage’s support for Security Assertion Markup Language (SAML), available starting with release 18.2.2. In this role, the Avi virtual service sends authentication requests to an identity provider (IDP), and the IDP’s responses govern user access to back-end applications running in Avi pools. Avi Networks has implemented multiple third-party integrations to give customers a choice of IDP. This article outlines the steps necessary to enable Google as the IDP.
Avi as SP and Google as IDP
To set up Google G-suite as your SAML Identity Provider, follow these steps:
- Navigate to your Google G-suite admin page.
- From the Admin console Home page, navigate to Apps > SAML Apps. To see Apps on the Home page, it may be necessary to click More controls at the bottom.
- Click the plus (+) icon in the lower-right to add a new SAML app.
- Click Set up my own custom app.
- The Google IDP Information window opens, and the Single Sign-On URL and Entity ID URL fields populate automatically. Choose “Option 2” and download your IDP metadata.
- In the Basic Application Information window, enter an application name and description.
- In the Service Provider Details window, add an ACS URL and an Entity ID. The ACS URL and the Entity ID are provided by Avi. You can select EMAIL as the Name ID Format.
- Switch the service status for the SAML App from “OFF” to “ON for everyone”.
This completes the process of creating an application on Google.
Once configuration is complete on Google, configure an Avi virtual service to act as service provider by following the instructions given in the SAML Configuration on Avi Vantage article.
Suggested Reading
Configuring SAML Authentication with Workspace One for Avi Controller