Google Workspace SAML SSO

This topic describes how to configure SAML SSO with Google Workspace so that your team members can sign in to the Lacework Console with their Google credentials.

Note: Adding/modifying a SAML app requires the super administrator role.

In your Google Workspace account, complete the following steps:

  1. Sign in to Google Workspace with super administrative privileges.
  2. From the Admin console home page, click Apps > Web and mobile apps.
  3. In the bottom right, click the (+) icon.
  4. Click Setup My Own Custom App.
  5. In the App Details window, add an application name and description.
  6. (Optional) Upload a PNG or GIF file to serve as an icon for Lacework. The icon image should be 256 pixels square. The Lacework logo at the end of this section meets Google Workspace sizing requirements.
  7. Click Continue. The Google Identity Provider details window opens and the SSO URL and Entity ID fields automatically populate.
  8. Get the setup information needed by Lacework using one of these methods:
    • Copy the SSO URL and Entity ID and download the certificate
    • Download the IdP metadata
  9. (Optional) In a separate browser tab or window, sign in to the Lacework Console and enter the information you copied or downloaded in Step 5 into the Lacework SAML configuration page (see SAML Configuration), then return to the Google Workspace Admin console.
  10. Click Continue.
  11. In the Service Provider Details window, complete the following fields:
    • **ACS URL**: https://youraccount.lacework.net/sso/saml/login
      Your exact assertion consumer service URL is displayed on the Lacework Console SAML configuration page.
    • **Entity ID**: https://lacework.net
    • **Name ID Format**: Email
  12. Keep the defaults for all other fields.
  13. Click Continue.
  14. Click Finish. (Skip attribute mapping for now.)
  15. When the confirmation displays, click Finish.
  16. When the Lacework SAML app displays, click User access.
  17. Select On for everyone and click Save.

If you have not yet entered the Google IdP data into the Lacework Console SAML configuration page, do that now. See the Enable SAML in the Lacework Console section in SAML Configuration to complete setup.

To enable JIT user provisioning, see Configure SAML JIT.

You can use the following Lacework logo as part of the basic information for the custom Lacework app. To save the image to your computer, right-click it and click Save Image As....

Lacework_Logo.png