1. Setting up G Suite

Twistlock supports SAML integration with Google G Suite. To set up G Suite:

Procedure

  1. Log into your G Suite admin console.

  2. Click on Apps.

  3. Click on SAML apps.

  4. Click the + button at the bottom to add a new app.

  5. Click SETUP MY OWN CUSTOM APP at the bottom of the dialog.

  6. Copy the SSO URL and Entity ID, and download the certificate. You will need these later for setting up the integration in Twistlock Console. Click NEXT.

  7. Enter an Application Name, such as Twistlock, then click NEXT.

  8. In the Service Provider Details dialog, enter the following details, then click NEXT.

    1. In ACS URL, enter: https://<CONSOLE_IPADDR | CONSOLE_HOSTNAME>:8083/api/v1/authenticate.

    2. In Entity ID, enter: twistlock.

    3. Enable Signed Response.

  9. Click FINISH, then OK.

  10. Turn the application on. Select either ON for everyone or ON for some organizations.


2. Setting up Twistlock

To set up Twistlock for G Suite integration:

Procedure

  1. Log into Console, then go to Manage > Authentication > SAML.

  2. Set up the following parameters:

    1. Enable Integrate SAML users and groups with Twistlock.

    2. In Identity provider, select G Suite.

    3. Paste the SSO URL, Entity ID, and certificate that you copied during the G Suite setup (Step 6) into the Identity provider single sign-on URL, Identity provider issuer, and X.509 certificate fields.

    4. Set Audience to match the application Entity ID configured in G Suite. Entity ID was set to twistlock in the previous section.

    5. Click Save.

  3. Go to Manage > Authentication > Users, and click Add user.

  4. In the Username field, enter the G Suite email address of the user you want to add. Select a role, then click Save. Be sure Create user in local Twistlock account database is Off.

  5. Log out of Console.

    When you log in again, you will be redirected to G Suite, where you might need to enter your credentials. After that, you will be redirected back to Twistlock and authenticated as a user.
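As an added example that is not part of this guide and not Twistlock's own code, the following Python script checks a SAML Response against the values configured in the two sections above: the identity provider issuer, the Audience (the Entity ID twistlock), the ACS URL as the response Destination, the Signed Response requirement, and the assertion validity window. The SAML response, the hostname console.example.com (standing in for CONSOLE_HOSTNAME) and the issuer string are constructed placeholders. The script checks structure and values only; cryptographic verification of the XML signature is done by Console, not by this script.

```python
"""Check a SAML Response against the settings used in this guide.

Added example, not Twistlock code. The response, hostname and issuer below
are constructed placeholders. The XML signature is only checked for presence;
this script does not verify it cryptographically.
"""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Values mirroring the Console SAML settings (hostname and issuer are assumptions).
EXPECTED = {
    "issuer": "https://accounts.google.com/o/saml2?idpid=CONSTRUCTED_IDP_ID",
    "audience": "twistlock",  # Audience must equal the Entity ID set in G Suite
    "acs_url": "https://console.example.com:8083/api/v1/authenticate",
}

# Constructed sample response, as G Suite would POST it to the ACS URL.
GOOD_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    ID="_r1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z"
    Destination="https://console.example.com:8083/api/v1/authenticate">
  <saml:Issuer>https://accounts.google.com/o/saml2?idpid=CONSTRUCTED_IDP_ID</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z">
    <saml:Issuer>https://accounts.google.com/o/saml2?idpid=CONSTRUCTED_IDP_ID</saml:Issuer>
    <ds:Signature><ds:SignatureValue>CONSTRUCTED</ds:SignatureValue></ds:Signature>
    <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-05-01T11:55:00Z" NotOnOrAfter="2024-05-01T12:05:00Z">
      <saml:AudienceRestriction><saml:Audience>twistlock</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

# Fixed clock so the validity-window check is reproducible.
SAMPLE_TIME = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)


def _parse_time(value):
    """Parse a SAML UTC timestamp such as 2024-05-01T12:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_saml_response(xml_text, expected, now=None):
    """Return a list of problems; an empty list means every check passed."""
    root = ET.fromstring(xml_text)
    now = now or datetime.now(timezone.utc)
    problems = []

    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        problems.append("status is not Success")

    # Destination must be our ACS URL, so a response minted for another SP is rejected.
    if root.get("Destination") != expected["acs_url"]:
        problems.append("Destination %r != ACS URL" % root.get("Destination"))

    # Issuer must be the configured identity provider issuer.
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer != expected["issuer"]:
        problems.append("Issuer %r is not the configured identity provider" % issuer)

    # Signed Response was enabled in G Suite: response or assertion must carry a signature.
    if root.find("ds:Signature", NS) is None and root.find("saml:Assertion/ds:Signature", NS) is None:
        problems.append("response and assertion are both unsigned")

    # Audience must equal the Entity ID configured in G Suite.
    audience = root.findtext(
        "saml:Assertion/saml:Conditions/saml:AudienceRestriction/saml:Audience", namespaces=NS)
    if audience != expected["audience"]:
        problems.append("Audience %r != %r" % (audience, expected["audience"]))

    # The assertion must be used inside its NotBefore / NotOnOrAfter window.
    cond = root.find("saml:Assertion/saml:Conditions", NS)
    if cond is None:
        problems.append("assertion has no Conditions element")
    else:
        if not (_parse_time(cond.get("NotBefore")) <= now < _parse_time(cond.get("NotOnOrAfter"))):
            problems.append("assertion is outside its validity window")
    return problems


def subject_email(xml_text):
    """Return the NameID, which Console matches against the Username (G Suite email)."""
    return ET.fromstring(xml_text).findtext("saml:Assertion/saml:Subject/saml:NameID", namespaces=NS)


if __name__ == "__main__":
    print("problems:", check_saml_response(GOOD_RESPONSE, EXPECTED, now=SAMPLE_TIME))
    print("user:", subject_email(GOOD_RESPONSE))
```

A mismatched Audience is the most common misconfiguration the checks above surface: if the Entity ID in the G Suite Service Provider Details and the Audience in Console differ, a correctly signed response is still rejected.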

3. Troubleshooting

If anything goes wrong during the setup process, you can always force Console to let you log in using the default admin account or any other 'local' user account.

Navigate to https://<CONSOLE_IPADDR | CONSOLE_HOSTNAME>:8083/#!/login, then enter the credentials for your admin account.

From this point, whenever you navigate to Twistlock Console, you will be redirected to G Suite to authenticate.