Twistlock supports SAML integration with Google G Suite. To set up G Suite:
Log into your G Suite admin console.
Click on Apps.
Click on SAML apps.
Click the + button at the bottom to add a new app.
Click SETUP MY OWN CUSTOM APP at the bottom of the dialog.
Copy the SSO URL and Entity ID, and download the certificate. You will need these later for setting up the integration in Twistlock Console. Click NEXT.
Enter an Application Name, such as Twistlock, then click NEXT.
In the Service Provider Details dialog, enter the following details, then click NEXT.
In ACS URL, enter: https://<CONSOLE_IPADDR | CONSOLE_HOSTNAME>:8083/api/v1/authenticate.
In Entity ID, enter: twistlock.
Enable Signed Response.
Click FINISH, then OK.
Turn the application to on. Select either ON for everyone or ON for some organizations.
To set up Twistlock for G Suite integration:
Log into Console, then go to Manage > Authentication > SAML.
Set up the following parameters:
Enable Integrate SAML users and groups with Twistlock.
In Identity provider, select G Suite.
Paste the SSO URL, Entity ID, and certificate that you copied during the G Suite set up (Step 6) into the Identity Provider single sign-on URL, Identity provider issuer, and X.509 certificate fields.
Set Audience to match the application Entity ID configured in G Suite. Entity ID was set to twistlock in the previous section.
Click Save.
Go to Manage > Authentication > Users, and click Add user.
In the Username field, enter the G Suite email address the user you want to add. Select a role, then click Save. Be sure Create user in local Twistlock account database is Off.
Log out of Console.
You will be redirected into G Suite and you might need to enter your credentials. After that, you will be redirected back into Twistlock and authenticated as a user.
If anything goes wrong during the setup process, you can always force Console to let you login using the default admin account or any other 'local' user account.
Navigate to https://<CONSOLE_IPADDR | CONSLE_HOSTNAME>:8083/#!/login, then enter the credentials for your admin account.
From this point, whenever you navigate to Twistlock Console, you will be redirected to G Suite to authenticate.