Follow the steps below to configure single sign-on with Google Workspace.
1.) Log in to the Fortinet Security Awareness and Training Service as the tenant administrator or a user with the Admin role assignment.
2.) Select Settings from the navigation menu, then select the Configure button under the Admin settings tab, Single Sign-On (SSO) section:
3.) On the configuration page, select the Add Fortinet as a SAML service provider (SP) option button:
4. ) Log in to Google Workspace admin account (https://admin.google.com)
5.) Go to Apps > Web and mobile apps
6.) Click on Add app, then select Add custom SAML app
7.) Name the app "Fortinet Security Awareness and Training Service V3" and provide a description, if you wish, then click Continue:
8.) On the next screen, click Continue again
6.) Return to the Fortinet Security Awareness and Training Service console, copy the ACS URL, then paste the value in the ACS URL field in Google
7.) Then copy the SP Entity ID URL from Fortinet, and paste the value in the ‘Entity ID’ field in Google
The Start URL is not required.
8.) Select the Name ID format dropdown and select Email
9.) Ensure that the Name ID field is displaying Basic Information > Primary email
10.) Click Continue
11.) Return to the Fortinet Security Awareness and Training Service console and select the Continue button:
12.) Enter the values you wish to use for the Attributes, in the Attributes fields of the Configure your SAML attributes section.
These values are case sensitive, so, whatever values you enter here, you will need to exactly match in the Google app settings.
Click Continue:
13.) Return to the Google Workspace Admin app.
11.) Select the ADD MAPPING button:
12.) Add attribute mappings as you entered them in the Fortinet Security Awareness and Training Service. These must match and be mapped to the Google Directory Attributes:
For Example, if you entered the following in the Fortinet Security Awareness and Training Service:
... you would enter the following in the Google Admin configuration for the SAML app:
13.) Click Finish
14.) On the home page for the new custom app, click on Download Metadata
15.) Under Option 1, click on Download Metadata.
This will now download an XML metadata file
16.) Return to the Fortinet Security Awareness and Training Service console and select the Upload your Identity Provider Metadata option button:
17.) Browse to or Drag and drop the downloaded ‘GoogleIDPMetadata.xml’ file
18.) Click on the Complete button. The Single Sign-On (SSO) configuration will confirm Enabled:
19.) Return to the Google Workspace Admin app so that you can provision users access to the newly configured SAML application
20.) Select the Off for everyone link in the User access section:
21.) You will now need to provision the application by selecting users or groups that should have access to the app. You may need to create a group and all users to it if you do not already have a group configured that creates the necessary user community.
22.) You can now manually create a single user from the Users navigation menu item. Then use your configured domain, to test the log in via your configured SAML2 application:
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article