Configure G Suite to manage your directory of users in Banyan

This article describes features that are only available in the Banyan Business edition and Banyan Enterprise edition.

G Suite SSO allows G Suite organizations to have users sign in to all their applications using their managed Google account credentials. Banyan integrates with your organization’s G Suite SSO to authenticate enterprise users that need access to Banyan secured services.

Pre-requisites

In order to set up this integration, you need administrative access to G Suite and the ability to add a new SAML App.

Steps

1. In the Banyan Command Center, configure your User Identity Provider

1a. Navigate to Settings > TrustProvider Settings > Identity Provider and then set your User Identity Provider to SAML.

You will fill out these Identity Provider configuration fields after you set up the new application integration in G Suite.

1b. Take note of the Redirect URL (ACS) provided in the configuration field. You will need it for the steps in G Suite below.

2. Launch a new Application Integration in G Suite

2a. Log in to your G Suite Admin account.

2b. Navigate to Apps > SAML apps.

2c. Choose Setup My Own Custom App.

2d. Take note of your SSO URL, download the certificate, and then click Next.

2e. Name the application Banyan TrustProvider, upload our logo, and then click Next.

2f. When asked for ACS URL and Entity ID, use the Redirect URL you obtained in Step 1b. Also, set the Name ID Format to EMAIL.

2g. Set up the attribute mappings. Banyan requires your IDP’s returned SAML assertion to contain attributes that can be mapped to a user’s Email, Username, and Groups.

Set the Attribute Mappings as follows:

  • email -> Primary Email
  • name -> Last Name
  • groups -> Department

G Suite does not support transmitting groups via SAML attributes. Instead, we suggest using the Department field.

2h. Click FINISH to save the application details in G Suite.

2i. Click on the Banyan TrustProvider SAML app you just created and set it to ON for everyone. This will allow Banyan to federate authentication of all users in your organization to your SAML IDP.

Note: You still need to apply Policies in the Banyan Command Center to manage which users can access specific internal applications.

3. Save the G Suite fields in the Banyan Command Center

3a. Return to the Identity Provider page in the Banyan Command Center (Settings > TrustProvider Settings > Identity Provider) and enter the Banyan TrustProvider App parameters from G Suite:

  • IDP SSO URL (from Step 2d)
  • Entity Issuer - Leave this optional field blank. It will default to the Redirect URL.
  • IDP CA Certificate (from Step 2d)
  • Username Attribute (from Step 2g)
  • Email Attribute (from Step 2g)
  • Groups Attribute (from Step 2g)
  • Groups Delimiter – Do not use this field. Entering an incorrect value may lead to configuration errors and behavior issues. Please contact Banyan Support for assistance.

3b. Click Update Identity Provider Config to save the settings.


That’s it! You have successfully integrated G Suite to manage your directory of users in Banyan.
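To sanity-check the values from Steps 2f and 2g, the following added example (not Banyan's or Google's code) inspects a base64-encoded SAML response from a test sign-in and reports a wrong Destination or Audience, a NameID Format other than EMAIL, and missing or empty email, name or groups attributes. The placeholder URL and the sample response are constructed, and the script does not verify the XML signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
REQUIRED = ("email", "name", "groups")  # attribute names mapped in Step 2g

def check_response(b64_response, redirect_url):
    """Return a list of configuration problems (an empty list means none found).
    Mapping check only: the XML signature is NOT verified here."""
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    if root.get("Destination") != redirect_url:
        problems.append("Destination does not match the Redirect URL (ACS)")
    aud = root.find(".//a:Audience", NS)
    if aud is None or (aud.text or "").strip() != redirect_url:
        problems.append("Audience does not match the Entity ID")
    name_id = root.find(".//a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID Format is not EMAIL")
    attrs = {}
    for attr in root.iterfind(".//a:AttributeStatement/a:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("a:AttributeValue", NS)]
        attrs[attr.get("Name")] = [v for v in values if v]
    for name in REQUIRED:
        if not attrs.get(name):
            problems.append(f"attribute '{name}' is missing or empty")
    return problems

def sample_response(redirect_url, attributes):
    """Build a constructed, unsigned SAML response for exercising the check."""
    attr_xml = "".join(
        f'<a:Attribute Name="{k}"><a:AttributeValue>{v}</a:AttributeValue></a:Attribute>'
        for k, v in attributes.items())
    xml = (f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}" Destination="{redirect_url}">'
           f'<a:Assertion><a:Subject><a:NameID Format="{EMAIL_FORMAT}">alice@example.com'
           f'</a:NameID></a:Subject><a:Conditions><a:AudienceRestriction>'
           f'<a:Audience>{redirect_url}</a:Audience></a:AudienceRestriction></a:Conditions>'
           f'<a:AttributeStatement>{attr_xml}</a:AttributeStatement></a:Assertion></p:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    ACS = "https://acs.example.invalid/callback"  # placeholder for the Redirect URL from Step 1b
    user = {"email": "alice@example.com", "name": "Doe", "groups": "Engineering"}
    print(check_response(sample_response(ACS, user), ACS))
    print(check_response(sample_response(ACS, {"email": "alice@example.com"}), ACS))
```

Run it only against responses from your own test sign-ins, since it parses the XML without validating who signed it.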



Last modified: Jul 24, 2021