google saml zscaler integration agenda
play

Google<-SAML->Zscaler Integration Agenda n What is SAML? n - PowerPoint PPT Presentation

Feb 17, 2023 •263 likes •899 views

Summer Webinar Series Google<-SAML->Zscaler Integration Dianne Dunlap (ddunlap@mcnc.org, 919-248-8439) Client Network Engineering Webinar Links: www.mcnc.org/cne-webinars Google<-SAML->Zscaler Integration Agenda n What is

  1. Summer Webinar Series Google<-SAML->Zscaler Integration Dianne Dunlap (ddunlap@mcnc.org, 919-248-8439) Client Network Engineering Webinar Links: www.mcnc.org/cne-webinars

  2. Google<-SAML->Zscaler Integration Agenda n What is “SAML”? n AAA, Testing, Switching Databases n Lab test setup n Authentication - Google con fj guration n Authentication – Zscaler con fj guration n Authorization – Google con fj guration n Authorization – Zscaler con fj guration n Accounting n AD n Caveats n Questions?

  3. What is “SAML”? Security Assertion Markup Language XML-based, open-standard data format for exchanging authentication and authorization data between identity provider (IdP) and service provider (SP) IdP=Google SP=Dropbox, Facebook at Work, Docusign, Amazon Web Service, etc. And SP…Zscaler!

  4. Advantages of Google<-SAML-> Integration n Consolidation of users in one place instead of Google and Zscaler hosted database n Fewer authentications n One less username and password to remember, synchronized password changes n Ability to add authentication to content- fj ltering at no cost n Means to apply fj ltering policies by users’ category (authorization) n Removes need for Active Directory or other on-premise directory for fj ltering n Advantages of SAML over AD - fewer logins

  5. Disadvantages of Google<-SAML-> Integration n Login and a half (username twice, password once) n SAML assertion cookies may be persistent depending on browser, device

  6. AAA A=authentication n Who is the user? n Google username/password only A=authorization n What is the user allowed to do? n User’s membership in Google custom Department and/or Groups A=accounting n What did the user do? n Zscaler logs

  7. SAML – no AD .

  8. Considerations – Moving to SAML in Zscaler

  9. Authentication – Moving to SAML in Zscaler

  10. Authentication – Moving to SAML in Zscaler

  11. Authentication – custom category exceptions in Zscaler – GRE/onsite

  12. Authentication – authentication exceptions in Zscaler – GRE/onsite

  13. Authentication – SSL decryption exceptions in Zscaler – GRE/onsite

  14. Authentication – exceptions in Zscaler – pac file Pac fj le: if(dnsDomainIs(host, "accounts.google.com")) return "DIRECT"; if(dnsDomainIs(host, "gmail.com")) return "DIRECT";

  15. Lab test setup k12gapps.mcnc.org, OU=PWM, more OUs below:

  16. Lab test setup Google non-custom Attributes ¡ Email ¡ OU/orgUnitPath ¡ Group/Group-email ¡ 9thWonder@k12gapps.mcnc.org ¡ /PWM/Admins ¡ admins@k12gapps.mcnc.org ¡ 2$Fabo@k12gapps.mcnc.org ¡ /PWM/EastEStudents ¡ students@k12gapps.mcnc.org ¡ AlbertEinstein@k12gapps.mcnc.org ¡ /PWM/MainEStudents ¡ students@k12gapps.mcnc.org ¡ 12Gauge@k12gapps.mcnc.org ¡ /PWM/NorthMStudents ¡ students@k12gapps.mcnc.org ¡ AlexanderGrahamBell@k12gapps.mcnc.org ¡ /PWM/SouthMStudents ¡ students@k12gapps.mcnc.org ¡ AndersonPaak@k12gapps.mcnc.org ¡ /PWM/Hstudents ¡ students@k12gapps.mcnc.org ¡ 50Cent@k12gapps.mcnc.org ¡ /PWM/WestEStudents ¡ students@k12gapps.mcnc.org ¡ 2Pistols@k12gapps.mcnc.org ¡ /PWM/EastETeachers ¡ teachers@k12gapps.mcnc.org ¡ ActionBronson@k12gapps.mcnc.org ¡ /PWM/Hteachers ¡ teachers@k12gapps.mcnc.org ¡ 40Glocc@k12gapps.mcnc.org ¡ /PWM/MainETeachers ¡ teachers@k12gapps.mcnc.org ¡ AndreNickatina@k12gapps.mcnc.org ¡ /PWM/NorthMTeachers ¡ teachers@k12gapps.mcnc.org ¡ AlfredHitchcock@k12gapps.mcnc.org ¡ /PWM/SouthMTeachers ¡ teachers@k12gapps.mcnc.org ¡ AliVegas@k12gapps.mcnc.org ¡ /PWM/WestETeachers ¡ teachers@k12gapps.mcnc.org ¡

  17. Authentication - Configuring Google SAML

  18. Authentication – Configuring Google SAML

  19. Authentication – Configuring Google SAML

  20. Authentication – Configuring Google SAML

  21. Authentication – Configuring Google SAML

  22. Authentication – Configuring Google SAML

  23. Authentication – Configuring Google SAML

  24. Authentication – Configuring Google SAML n Enter the Zscaler SSO URL https://login. zscalerone .net:443/sfc_sso n Entity ID: zscalerone.net

  25. Authentication – Configuring Google SAML n ‘

  26. Authentication – Configuring Google SAML n ‘

  27. Authentication – Back Up Zscaler Zscaler backup….

  28. Authentication – configuring SAML in Zscaler

  29. Authentication – configuring SAML in Zscaler

  30. Authentication – configuring SAML in Zscaler

  31. Authentication – turning on for sublocation in Zscaler

  32. Authentication – Department with authorization “off”

  33. Authentication – Department with authorization “off”

  34. Authorization – Google configuration

  35. Authorization – adding Department (and/or Group) schema in Google (web) https://support.google.com/a/answer/6327792?hl=en Schema insert page: https://developers.google.com/admin-sdk/directory/v1/reference/schemas/ insert#try-it { " fj elds": [ { " fj eldName": "Department", " fj eldType": "STRING", "readAccessType": "ADMINS_AND_SELF", "multiValued": true } ], "schemaName": "Department" }

  36. Authorization – populating Department schema in Google (web) https://developers.google.com/admin-sdk/directory/v1/reference/users/patch#try-it

  37. Authorization – populating Department schema in Google (web)

  38. Authorization – adding Department (and/or Group) schema in Google with GAM n GAM=Google Apps Manager n https://www.youtube.com/watch?v=_dybYXJpBH0

  39. Authorization – adding Department (and/or Group) schema in Google with GAM C:\gam> gam info domain C:\gam> gam create schema Department fj eld Department type string multivalued end fj eld C:\gam> gam create schema Groups fj eld Groups type string multivalued end fj eld C:\gam> gam print schemas

  40. Authorization – populating Department (and/or Group) schema existing users in Google GAM ‘ gam update user janedoe@k12gapps.mcnc.org Department.Department multivalue STUDENT gam update user vct@k12gapps.mcnc.org Department.Department multivalue TEACHER gam update user mrzeke@k12gapps.mcnc.org Department.Department multivalue FRONTOFFICE gam update user vct@k12gapps.mcnc.org Groups.Groups multivalue nonstudent@k12gapps.mcnc.org gam update user janedoe@k12gapps.mcnc.org Groups.Groups multivalue elementary@k12gapps.mcnc.org Groups.Groups multivalue middle@k12gapps.mcnc.org gam update user 50cent@k12gapps.mcnc.org Department.Department multivalue FRONTOFFICE Department.Department multivalue TEACHER

  41. Authorization – populating Department (and/or Group) schema in Google GAM gam info user janedoe@k12gapps.mcnc.org

  42. Authorization – populating new users, OUs, Departments (and/or Group) schema in Google GAM csv Gam to create new users. File is testuser.csv: -------- gam csv testuser.csv gam create user ~Email password ~Password fj rstname ~ fj rstname lastname ~lastname gam csv testuser.csv gam update user ~Email OU ~orgUnitPath gam csv testuser.csv gam update user ~Email Department.Department multivalue ~Zscaler_Dept gam csv testuser.csv gam update user ~Email Groups.Groups multivalue ~Zscaler_Group

  43. Authorization – updating existing users with Departments (and/or Groups) schema in Google GAM csv Retrieving list of existing users: gam print users all fj elds gam print users all fj elds > out fj le.csv

  44. Authorization – updating existing user Departments (and/or Group) schema in Google GAM csv =IF(ISNUMBER(SEARCH("Admins*",W<row#>)),"NONSTUDENT","STUDENT") A ¡ W ¡ AG ¡ primaryEmail ¡ orgUnitPath ¡ Department ¡ 100kila@k12gapps.mcnc.org ¡ /PWM/MainETeachers ¡ STUDENT ¡ 12gauge@k12gapps.mcnc.org ¡ /PWM/NorthMStudents ¡ STUDENT ¡ 2chainz@k12gapps.mcnc.org ¡ /PWM/EastEStudents ¡ STUDENT ¡ 2pistols@k12gapps.mcnc.org ¡ /PWM/EastETeachers ¡ STUDENT ¡ abrahamlincoln@k12gapps.mcnc.org ¡ /PWM/MainETeachers ¡ STUDENT ¡ abstractrude@k12gapps.mcnc.org ¡ /PWM/Admins ¡ NONSTUDENT ¡ acehood@k12gapps.mcnc.org ¡ /PWM/SouthMStudents ¡ STUDENT ¡ acHonbronson@k12gapps.mcnc.org ¡ /PWM/HTeachers ¡ STUDENT ¡ adamsaleh@k12gapps.mcnc.org ¡ /PWM/WestEStudents ¡ STUDENT ¡ andre3000@k12gapps.mcnc.org ¡ /PWM/Admins ¡ NONSTUDENT ¡ andrenickaHna@k12gapps.mcnc.org ¡ /PWM/NorthMTeachers ¡ STUDENT ¡ andygriffith@k12gapps.mcnc.org ¡ /PWM/NorthMStudents ¡ STUDENT ¡ andymineo@k12gapps.mcnc.org ¡ /PWM/MainETeachers ¡ STUDENT ¡ andyrooney@k12gapps.mcnc.org ¡ /PWM/HTeachers ¡ STUDENT ¡

  45. Authorization – updating existing users, Departments (and/or Group) schema in Google GAM csv n gam csv out fj le.csv gam update user ~Email Department.Department multivalue ~Department

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

WebRTC Identity in SAML Federations Mihly Mszros May 19, 2015 NIIF Institute Budapest /

WebRTC Identity in SAML Federations Mihly Mszros May 19, 2015 NIIF Institute Budapest /

WebRTC Identity in SAML Federations Mihly Mszros May 19, 2015 NIIF Institute Budapest / Hungary Agenda Education &amp; Research Identity Federations SAML Terminology Overview of SAML auth call flow WebRTC Identity model

1.09k views • 52 slides
Monthly Meeting November 28, 2018 Central Maryland Chapter Sponsors: Cybrary, Inc., Zscaler,

Monthly Meeting November 28, 2018 Central Maryland Chapter Sponsors: Cybrary, Inc., Zscaler,

Monthly Meeting November 28, 2018 Central Maryland Chapter Sponsors: Cybrary, Inc., Zscaler, Clearswift, LogRhythm, Parsons Cyber, Phoenix TS, Tenable Network Security Agenda / Announcements Welcome to UMBC Training Center Any guests or

535 views • 16 slides
SAML 1.1 and its uses in eduGAIN Stefan Winter &lt;stefan.winter@restena.lu&gt; 1 Outline

SAML 1.1 and its uses in eduGAIN Stefan Winter &lt;stefan.winter@restena.lu&gt; 1 Outline

Fondation RESTENA euroCAMP 04 April 2006 SAML 1.1 and its uses in eduGAIN Stefan Winter &lt;stefan.winter@restena.lu&gt; 1 Outline SAML 1.1 overview Abstract operations vs. SAML profile Abstract operations: changes since

165 views • 14 slides
Webinar agenda We Speak Translate: What does a Google App have to do with Immigrant Settlement?

Webinar agenda We Speak Translate: What does a Google App have to do with Immigrant Settlement?

Webinar agenda We Speak Translate: What does a Google App have to do with Immigrant Settlement? 1. Presentation by Kate Longpre, Community Integration Coordinator, Inter-Cultural Association of Greater Victoria (Victoria, CA) 2. Interview by

691 views • 24 slides
SETTING UP FOR BUSINESS SUCCESS Lets Discuss all things. Google! Agenda for today Micro

SETTING UP FOR BUSINESS SUCCESS Lets Discuss all things. Google! Agenda for today Micro

SETTING UP FOR BUSINESS SUCCESS Lets Discuss all things. Google! Agenda for today Micro Moments Where Do I Start? Google My Business - including maps Google Analytics Google Adwords Google Shopping Google owned Youtube Make sure

872 views • 63 slides
Bridging OpenID and SAML 2.0 Andreas kre Solberg andreas@uninett.no Terminology OpenID

Bridging OpenID and SAML 2.0 Andreas kre Solberg andreas@uninett.no Terminology OpenID

Bridging OpenID and SAML 2.0 Andreas kre Solberg andreas@uninett.no Terminology OpenID Terminology OpenID OpenID OpenID Consumer Identity Provider SAML 2.0 Terminology SAML 2.0 SAML 2.0 Service Provider Identity Provider What is

427 views • 16 slides
Monthly Meeting August 28, 2019 Central Maryland Chapter Sponsors: Zscaler, Clearswift,

Monthly Meeting August 28, 2019 Central Maryland Chapter Sponsors: Zscaler, Clearswift,

Monthly Meeting August 28, 2019 Central Maryland Chapter Sponsors: Zscaler, Clearswift, LogRhythm, Parsons Cyber, Phoenix TS, Tenable Network Security Please respect the speakers and other members, Silence or turn off cell phones and

434 views • 19 slides
OpenID OpenID and SAML and SAML Fiona Culloch, EDINA Fiona Culloch, EDINA EuroCAMP, Stockholm,

OpenID OpenID and SAML and SAML Fiona Culloch, EDINA Fiona Culloch, EDINA EuroCAMP, Stockholm,

Shib Shibbolet oleth Develo Developmen ent a t and Su d Supp pport Services t Services OpenID OpenID and SAML and SAML Fiona Culloch, EDINA Fiona Culloch, EDINA EuroCAMP, Stockholm, 7 May 2008 EuroCAMP, Stockholm, 7 May 2008 Shib

666 views • 20 slides
A solution for Access Delegation based on SAML Ciro Formisano Ermanno Travaglino Isabel

A solution for Access Delegation based on SAML Ciro Formisano Ermanno Travaglino Isabel

A solution for Access Delegation based on SAML Ciro Formisano Ermanno Travaglino Isabel Matranga Access Delegation in distributed environments SAML 2.0 Condition to Delegate Implementation Future plans Access Delegation in distributed

666 views • 18 slides
arXiv:1706.03762v5 [cs.CL] 6 Dec 2017 Llion Jones Aidan N. Gomez ukasz Kaiser

arXiv:1706.03762v5 [cs.CL] 6 Dec 2017 Llion Jones Aidan N. Gomez ukasz Kaiser

Attention Is All You Need Ashish Vaswani Noam Shazeer Niki Parmar Jakob Uszkoreit Google Brain Google Brain Google Research Google Research avaswani@google.com noam@google.com nikip@google.com usz@google.com

295 views • 15 slides
March 27, 2019 Central Maryland Chapter Sponsors: Cybrary, Inc., Zscaler, Clearswift, LogRhythm,

March 27, 2019 Central Maryland Chapter Sponsors: Cybrary, Inc., Zscaler, Clearswift, LogRhythm,

Monthly Meeting March 27, 2019 Central Maryland Chapter Sponsors: Cybrary, Inc., Zscaler, Clearswift, LogRhythm, Parsons Cyber, Phoenix TS, Tenable Network Security Updates to Meeting Schedule March 2019 5:15 to 5:45 Business Meeting 5:45

576 views • 19 slides
How To Grow Your Business with Google PRESENTED BY Clear Mind Graphics, Xtropy &amp; Google

How To Grow Your Business with Google PRESENTED BY Clear Mind Graphics, Xtropy &amp; Google

Google Education Webinar Series How To Grow Your Business with Google PRESENTED BY Clear Mind Graphics, Xtropy &amp; Google Proprietary + Confidential Agenda Introductions How to Reach Your Customers Online Paid Search Fundamentals

561 views • 44 slides
Updates Jicofo Authentication : Saml v2 Multibridge support Load balancing

Updates Jicofo Authentication : Saml v2 Multibridge support Load balancing

Updates Jicofo Authentication : Saml v2 Multibridge support Load balancing LastN Nightly support Statistics and logging system News Atlassian has just acquired Blue Jimp, Jitsi will continue to evolve as an

795 views • 17 slides
Google AdWords &amp; Google Analytics Jenn Davidson What are they? Several different Google

Google AdWords &amp; Google Analytics Jenn Davidson What are they? Several different Google

Google AdWords &amp; Google Analytics Jenn Davidson What are they? Several different Google Ad certification exams. Sales, shopping, mobile sites etc. Google Ads- online advertising service where advertisers pay to display brief

706 views • 9 slides
Using SAML and XACML for Complex Resource Provisioning in Grid based Applications Yuri

Using SAML and XACML for Complex Resource Provisioning in Grid based Applications Yuri

Using SAML and XACML for Complex Resource Provisioning in Grid based Applications Yuri Demchenko, Leon Gommans, Cees de Laat System and Network Engineering Group University of Amsterdam POLICY2007 Workshop 13-15 June 2007, Bologna Outline

532 views • 25 slides
Google Analytics Overview Whats Google Analytics? The Google Analytics

Google Analytics Overview Whats Google Analytics? The Google Analytics

Google Analytics Overview Whats Google Analytics? The Google Analytics implementation formula. Steps involved in installing Google Analytics. Tracking events, campaigns and ecommerce data. Creating goals and funnels

652 views • 40 slides
Software Integration of Medical Devices An Important Issue in Modern Health Technology D IRK T

Software Integration of Medical Devices An Important Issue in Modern Health Technology D IRK T

Software Integration of Medical Devices An Important Issue in Modern Health Technology D IRK T IMMERMANN F RANK G OLATOWSKI I NSTITUTE OF A PPLIED M ICROELECTRONICS UND C OMPUTER E NGINEERING U NIVERSITY OF R OSTOCK Topics Motivation Why

207 views • 19 slides
within eduGAIN Research Project: 2 Supervisor: Brook Schofield GANT Marcel den Reijer

within eduGAIN Research Project: 2 Supervisor: Brook Schofield GANT Marcel den Reijer

Calculating metadata propagation time within eduGAIN Research Project: 2 Supervisor: Brook Schofield GANT Marcel den Reijer Thursday July 4, 2019 UvA System &amp; Network Engineering 1 of 18 In Introduction eduGAIN

389 views • 19 slides
Digital Identity as a Basis for Internet Security Infrastructure Ing. Radovan Semank

Digital Identity as a Basis for Internet Security Infrastructure Ing. Radovan Semank

Digital Identity as a Basis for Internet Security Infrastructure Ing. Radovan Semank Business Global Systems Agenda Introduction Unified User Management Public Key Infrastructure Digital Identity Conclusion Introduction

337 views • 12 slides
XML Extensible Markup Language Generic format for structured representation of data. DD1335

XML Extensible Markup Language Generic format for structured representation of data. DD1335

XML XML Extensible Markup Language Generic format for structured representation of data. DD1335 (Lecture 9) Basic Internet Programming Spring 2010 1 / 34 XML XML Extensible Markup Language Generic format for structured

1.29k views • 117 slides
E-nvisioning the participation of European construction SMEs in a future e-Business scenario

E-nvisioning the participation of European construction SMEs in a future e-Business scenario

E-nvisioning the participation of European construction SMEs in a future e-Business scenario Iaki Angulo, Eduardo Garca, Nieves Pea, Valentn Snchez LABEIN Technological Center, Bizkaia, SPAIN (angulo, egarcia, npena, valen@labein.es)

331 views • 8 slides
ownCloud Unternehmensdaten sicher in eigener Hand CeBIT 2014 12. Mrz 2014 Christian

ownCloud Unternehmensdaten sicher in eigener Hand CeBIT 2014 12. Mrz 2014 Christian

ownCloud Unternehmensdaten sicher in eigener Hand CeBIT 2014 12. Mrz 2014 Christian Schneemann B1 Systems GmbH System Management &amp; Monitoring Architect schneemann@b1-systems.de B1 Systems GmbH - Linux/Open Source Consulting,

939 views • 24 slides
Sample Best Practice Checklist Use the following list as a template to modify based on the

Sample Best Practice Checklist Use the following list as a template to modify based on the

Housing Development Center May 10, 2012 Sample Best Practice Checklist Use the following list as a template to modify based on the requirements of your project. It is not intended to be inclusive or exhaustive but instead to introduce the main

1.05k views • 19 slides
!&quot;#$%#&amp;%'%()*+,-.*/#$#*0%$1*2,3$45!6* 47,/8#(),6*#(9*:&quot;7(;#+7.3 &lt;1#(97.*4#(73#(

!&quot;#$%#&amp;%'%()*+,-.*/#$#*0%$1*2,3$45!6* 47,/8#(),6*#(9*:&quot;7(;#+7.3 &lt;1#(97.*4#(73#(

!&quot;#$%#&amp; &quot;#$%#&amp;%' %'%() %()*+,- *+,-.*/ */#$#*0 #$#*0%$1 %$1*2,3 *2,3$45! $45!6 47,/ 47,/8#() 8#(),6 ,6*#(9 *#(9*:&quot;7(; *:&quot;7(;#+7. #+7.3 !&quot;#$%#&amp;%'%()*+,-.*/#$#*0%$1*2,3$45!6*

918 views • 73 slides

More recommend