google saml zscaler integration agenda
play

Google<-SAML->Zscaler Integration Agenda n What is SAML? n - PowerPoint PPT Presentation

Feb 17, 2023 •263 likes •899 views

Summer Webinar Series Google<-SAML->Zscaler Integration Dianne Dunlap (ddunlap@mcnc.org, 919-248-8439) Client Network Engineering Webinar Links: www.mcnc.org/cne-webinars Google<-SAML->Zscaler Integration Agenda n What is

  1. Summer Webinar Series Google<-SAML->Zscaler Integration Dianne Dunlap (ddunlap@mcnc.org, 919-248-8439) Client Network Engineering Webinar Links: www.mcnc.org/cne-webinars

  2. Google<-SAML->Zscaler Integration Agenda n What is “SAML”? n AAA, Testing, Switching Databases n Lab test setup n Authentication - Google con fj guration n Authentication – Zscaler con fj guration n Authorization – Google con fj guration n Authorization – Zscaler con fj guration n Accounting n AD n Caveats n Questions?

  3. What is “SAML”? Security Assertion Markup Language XML-based, open-standard data format for exchanging authentication and authorization data between identity provider (IdP) and service provider (SP) IdP=Google SP=Dropbox, Facebook at Work, Docusign, Amazon Web Service, etc. And SP…Zscaler!

  4. Advantages of Google<-SAML-> Integration n Consolidation of users in one place instead of Google and Zscaler hosted database n Fewer authentications n One less username and password to remember, synchronized password changes n Ability to add authentication to content- fj ltering at no cost n Means to apply fj ltering policies by users’ category (authorization) n Removes need for Active Directory or other on-premise directory for fj ltering n Advantages of SAML over AD - fewer logins

  5. Disadvantages of Google<-SAML-> Integration n Login and a half (username twice, password once) n SAML assertion cookies may be persistent depending on browser, device

  6. AAA A=authentication n Who is the user? n Google username/password only A=authorization n What is the user allowed to do? n User’s membership in Google custom Department and/or Groups A=accounting n What did the user do? n Zscaler logs

  7. SAML – no AD .

  8. Considerations – Moving to SAML in Zscaler

  9. Authentication – Moving to SAML in Zscaler

  10. Authentication – Moving to SAML in Zscaler

  11. Authentication – custom category exceptions in Zscaler – GRE/onsite

  12. Authentication – authentication exceptions in Zscaler – GRE/onsite

  13. Authentication – SSL decryption exceptions in Zscaler – GRE/onsite

  14. Authentication – exceptions in Zscaler – pac file Pac fj le: if(dnsDomainIs(host, "accounts.google.com")) return "DIRECT"; if(dnsDomainIs(host, "gmail.com")) return "DIRECT";

  15. Lab test setup k12gapps.mcnc.org, OU=PWM, more OUs below:

  16. Lab test setup Google non-custom Attributes ¡ Email ¡ OU/orgUnitPath ¡ Group/Group-email ¡ 9thWonder@k12gapps.mcnc.org ¡ /PWM/Admins ¡ admins@k12gapps.mcnc.org ¡ 2$Fabo@k12gapps.mcnc.org ¡ /PWM/EastEStudents ¡ students@k12gapps.mcnc.org ¡ AlbertEinstein@k12gapps.mcnc.org ¡ /PWM/MainEStudents ¡ students@k12gapps.mcnc.org ¡ 12Gauge@k12gapps.mcnc.org ¡ /PWM/NorthMStudents ¡ students@k12gapps.mcnc.org ¡ AlexanderGrahamBell@k12gapps.mcnc.org ¡ /PWM/SouthMStudents ¡ students@k12gapps.mcnc.org ¡ AndersonPaak@k12gapps.mcnc.org ¡ /PWM/Hstudents ¡ students@k12gapps.mcnc.org ¡ 50Cent@k12gapps.mcnc.org ¡ /PWM/WestEStudents ¡ students@k12gapps.mcnc.org ¡ 2Pistols@k12gapps.mcnc.org ¡ /PWM/EastETeachers ¡ teachers@k12gapps.mcnc.org ¡ ActionBronson@k12gapps.mcnc.org ¡ /PWM/Hteachers ¡ teachers@k12gapps.mcnc.org ¡ 40Glocc@k12gapps.mcnc.org ¡ /PWM/MainETeachers ¡ teachers@k12gapps.mcnc.org ¡ AndreNickatina@k12gapps.mcnc.org ¡ /PWM/NorthMTeachers ¡ teachers@k12gapps.mcnc.org ¡ AlfredHitchcock@k12gapps.mcnc.org ¡ /PWM/SouthMTeachers ¡ teachers@k12gapps.mcnc.org ¡ AliVegas@k12gapps.mcnc.org ¡ /PWM/WestETeachers ¡ teachers@k12gapps.mcnc.org ¡

  17. Authentication - Configuring Google SAML

  18. Authentication – Configuring Google SAML

  19. Authentication – Configuring Google SAML

  20. Authentication – Configuring Google SAML

  21. Authentication – Configuring Google SAML

  22. Authentication – Configuring Google SAML

  23. Authentication – Configuring Google SAML

  24. Authentication – Configuring Google SAML n Enter the Zscaler SSO URL https://login. zscalerone .net:443/sfc_sso n Entity ID: zscalerone.net

  25. Authentication – Configuring Google SAML n ‘

  26. Authentication – Configuring Google SAML n ‘

  27. Authentication – Back Up Zscaler Zscaler backup….

  28. Authentication – configuring SAML in Zscaler

  29. Authentication – configuring SAML in Zscaler

  30. Authentication – configuring SAML in Zscaler

  31. Authentication – turning on for sublocation in Zscaler

  32. Authentication – Department with authorization “off”

  33. Authentication – Department with authorization “off”

  34. Authorization – Google configuration

  35. Authorization – adding Department (and/or Group) schema in Google (web) https://support.google.com/a/answer/6327792?hl=en Schema insert page: https://developers.google.com/admin-sdk/directory/v1/reference/schemas/ insert#try-it { " fj elds": [ { " fj eldName": "Department", " fj eldType": "STRING", "readAccessType": "ADMINS_AND_SELF", "multiValued": true } ], "schemaName": "Department" }

  36. Authorization – populating Department schema in Google (web) https://developers.google.com/admin-sdk/directory/v1/reference/users/patch#try-it

  37. Authorization – populating Department schema in Google (web)

  38. Authorization – adding Department (and/or Group) schema in Google with GAM n GAM=Google Apps Manager n https://www.youtube.com/watch?v=_dybYXJpBH0

  39. Authorization – adding Department (and/or Group) schema in Google with GAM C:\gam> gam info domain C:\gam> gam create schema Department fj eld Department type string multivalued end fj eld C:\gam> gam create schema Groups fj eld Groups type string multivalued end fj eld C:\gam> gam print schemas

  40. Authorization – populating Department (and/or Group) schema existing users in Google GAM ‘ gam update user janedoe@k12gapps.mcnc.org Department.Department multivalue STUDENT gam update user vct@k12gapps.mcnc.org Department.Department multivalue TEACHER gam update user mrzeke@k12gapps.mcnc.org Department.Department multivalue FRONTOFFICE gam update user vct@k12gapps.mcnc.org Groups.Groups multivalue nonstudent@k12gapps.mcnc.org gam update user janedoe@k12gapps.mcnc.org Groups.Groups multivalue elementary@k12gapps.mcnc.org Groups.Groups multivalue middle@k12gapps.mcnc.org gam update user 50cent@k12gapps.mcnc.org Department.Department multivalue FRONTOFFICE Department.Department multivalue TEACHER

  41. Authorization – populating Department (and/or Group) schema in Google GAM gam info user janedoe@k12gapps.mcnc.org

  42. Authorization – populating new users, OUs, Departments (and/or Group) schema in Google GAM csv Gam to create new users. File is testuser.csv: -------- gam csv testuser.csv gam create user ~Email password ~Password fj rstname ~ fj rstname lastname ~lastname gam csv testuser.csv gam update user ~Email OU ~orgUnitPath gam csv testuser.csv gam update user ~Email Department.Department multivalue ~Zscaler_Dept gam csv testuser.csv gam update user ~Email Groups.Groups multivalue ~Zscaler_Group

  43. Authorization – updating existing users with Departments (and/or Groups) schema in Google GAM csv Retrieving list of existing users: gam print users all fj elds gam print users all fj elds > out fj le.csv

  44. Authorization – updating existing user Departments (and/or Group) schema in Google GAM csv =IF(ISNUMBER(SEARCH("Admins*",W<row#>)),"NONSTUDENT","STUDENT") A ¡ W ¡ AG ¡ primaryEmail ¡ orgUnitPath ¡ Department ¡ 100kila@k12gapps.mcnc.org ¡ /PWM/MainETeachers ¡ STUDENT ¡ 12gauge@k12gapps.mcnc.org ¡ /PWM/NorthMStudents ¡ STUDENT ¡ 2chainz@k12gapps.mcnc.org ¡ /PWM/EastEStudents ¡ STUDENT ¡ 2pistols@k12gapps.mcnc.org ¡ /PWM/EastETeachers ¡ STUDENT ¡ abrahamlincoln@k12gapps.mcnc.org ¡ /PWM/MainETeachers ¡ STUDENT ¡ abstractrude@k12gapps.mcnc.org ¡ /PWM/Admins ¡ NONSTUDENT ¡ acehood@k12gapps.mcnc.org ¡ /PWM/SouthMStudents ¡ STUDENT ¡ acHonbronson@k12gapps.mcnc.org ¡ /PWM/HTeachers ¡ STUDENT ¡ adamsaleh@k12gapps.mcnc.org ¡ /PWM/WestEStudents ¡ STUDENT ¡ andre3000@k12gapps.mcnc.org ¡ /PWM/Admins ¡ NONSTUDENT ¡ andrenickaHna@k12gapps.mcnc.org ¡ /PWM/NorthMTeachers ¡ STUDENT ¡ andygriffith@k12gapps.mcnc.org ¡ /PWM/NorthMStudents ¡ STUDENT ¡ andymineo@k12gapps.mcnc.org ¡ /PWM/MainETeachers ¡ STUDENT ¡ andyrooney@k12gapps.mcnc.org ¡ /PWM/HTeachers ¡ STUDENT ¡

  45. Authorization – updating existing users, Departments (and/or Group) schema in Google GAM csv n gam csv out fj le.csv gam update user ~Email Department.Department multivalue ~Department

Recommend

WebRTC Identity in SAML Federations Mihly Mszros May 19, 2015 NIIF Institute Budapest /

WebRTC Identity in SAML Federations Mihly Mszros May 19, 2015 NIIF Institute Budapest /

WebRTC Identity in SAML Federations Mihly Mszros May 19, 2015 NIIF Institute Budapest / Hungary Agenda Education &amp; Research Identity Federations SAML Terminology Overview of SAML auth call flow WebRTC Identity model

1.09k views • 52 slides
Monthly Meeting November 28, 2018 Central Maryland Chapter Sponsors: Cybrary, Inc., Zscaler,

Monthly Meeting November 28, 2018 Central Maryland Chapter Sponsors: Cybrary, Inc., Zscaler,

Monthly Meeting November 28, 2018 Central Maryland Chapter Sponsors: Cybrary, Inc., Zscaler, Clearswift, LogRhythm, Parsons Cyber, Phoenix TS, Tenable Network Security Agenda / Announcements Welcome to UMBC Training Center Any guests or

535 views • 16 slides
SAML 1.1 and its uses in eduGAIN Stefan Winter &lt;stefan.winter@restena.lu&gt; 1 Outline

SAML 1.1 and its uses in eduGAIN Stefan Winter &lt;stefan.winter@restena.lu&gt; 1 Outline

Fondation RESTENA euroCAMP 04 April 2006 SAML 1.1 and its uses in eduGAIN Stefan Winter &lt;stefan.winter@restena.lu&gt; 1 Outline SAML 1.1 overview Abstract operations vs. SAML profile Abstract operations: changes since

165 views • 14 slides
Webinar agenda We Speak Translate: What does a Google App have to do with Immigrant Settlement?

Webinar agenda We Speak Translate: What does a Google App have to do with Immigrant Settlement?

Webinar agenda We Speak Translate: What does a Google App have to do with Immigrant Settlement? 1. Presentation by Kate Longpre, Community Integration Coordinator, Inter-Cultural Association of Greater Victoria (Victoria, CA) 2. Interview by

691 views • 24 slides
SETTING UP FOR BUSINESS SUCCESS Lets Discuss all things. Google! Agenda for today Micro

SETTING UP FOR BUSINESS SUCCESS Lets Discuss all things. Google! Agenda for today Micro

SETTING UP FOR BUSINESS SUCCESS Lets Discuss all things. Google! Agenda for today Micro Moments Where Do I Start? Google My Business - including maps Google Analytics Google Adwords Google Shopping Google owned Youtube Make sure

872 views • 63 slides
Bridging OpenID and SAML 2.0 Andreas kre Solberg andreas@uninett.no Terminology OpenID

Bridging OpenID and SAML 2.0 Andreas kre Solberg andreas@uninett.no Terminology OpenID

Bridging OpenID and SAML 2.0 Andreas kre Solberg andreas@uninett.no Terminology OpenID Terminology OpenID OpenID OpenID Consumer Identity Provider SAML 2.0 Terminology SAML 2.0 SAML 2.0 Service Provider Identity Provider What is

427 views • 16 slides
Monthly Meeting August 28, 2019 Central Maryland Chapter Sponsors: Zscaler, Clearswift,

Monthly Meeting August 28, 2019 Central Maryland Chapter Sponsors: Zscaler, Clearswift,

Monthly Meeting August 28, 2019 Central Maryland Chapter Sponsors: Zscaler, Clearswift, LogRhythm, Parsons Cyber, Phoenix TS, Tenable Network Security Please respect the speakers and other members, Silence or turn off cell phones and

434 views • 19 slides
OpenID OpenID and SAML and SAML Fiona Culloch, EDINA Fiona Culloch, EDINA EuroCAMP, Stockholm,

OpenID OpenID and SAML and SAML Fiona Culloch, EDINA Fiona Culloch, EDINA EuroCAMP, Stockholm,

Shib Shibbolet oleth Develo Developmen ent a t and Su d Supp pport Services t Services OpenID OpenID and SAML and SAML Fiona Culloch, EDINA Fiona Culloch, EDINA EuroCAMP, Stockholm, 7 May 2008 EuroCAMP, Stockholm, 7 May 2008 Shib

666 views • 20 slides
A solution for Access Delegation based on SAML Ciro Formisano Ermanno Travaglino Isabel

A solution for Access Delegation based on SAML Ciro Formisano Ermanno Travaglino Isabel

A solution for Access Delegation based on SAML Ciro Formisano Ermanno Travaglino Isabel Matranga Access Delegation in distributed environments SAML 2.0 Condition to Delegate Implementation Future plans Access Delegation in distributed

666 views • 18 slides
arXiv:1706.03762v5 [cs.CL] 6 Dec 2017 Llion Jones Aidan N. Gomez ukasz Kaiser

arXiv:1706.03762v5 [cs.CL] 6 Dec 2017 Llion Jones Aidan N. Gomez ukasz Kaiser

Attention Is All You Need Ashish Vaswani Noam Shazeer Niki Parmar Jakob Uszkoreit Google Brain Google Brain Google Research Google Research avaswani@google.com noam@google.com nikip@google.com usz@google.com

295 views • 15 slides
March 27, 2019 Central Maryland Chapter Sponsors: Cybrary, Inc., Zscaler, Clearswift, LogRhythm,

March 27, 2019 Central Maryland Chapter Sponsors: Cybrary, Inc., Zscaler, Clearswift, LogRhythm,

Monthly Meeting March 27, 2019 Central Maryland Chapter Sponsors: Cybrary, Inc., Zscaler, Clearswift, LogRhythm, Parsons Cyber, Phoenix TS, Tenable Network Security Updates to Meeting Schedule March 2019 5:15 to 5:45 Business Meeting 5:45

576 views • 19 slides
How To Grow Your Business with Google PRESENTED BY Clear Mind Graphics, Xtropy &amp; Google

How To Grow Your Business with Google PRESENTED BY Clear Mind Graphics, Xtropy &amp; Google

Google Education Webinar Series How To Grow Your Business with Google PRESENTED BY Clear Mind Graphics, Xtropy &amp; Google Proprietary + Confidential Agenda Introductions How to Reach Your Customers Online Paid Search Fundamentals

561 views • 44 slides
Updates Jicofo Authentication : Saml v2 Multibridge support Load balancing

Updates Jicofo Authentication : Saml v2 Multibridge support Load balancing

Updates Jicofo Authentication : Saml v2 Multibridge support Load balancing LastN Nightly support Statistics and logging system News Atlassian has just acquired Blue Jimp, Jitsi will continue to evolve as an

795 views • 17 slides
Google AdWords &amp; Google Analytics Jenn Davidson What are they? Several different Google

Google AdWords &amp; Google Analytics Jenn Davidson What are they? Several different Google

Google AdWords &amp; Google Analytics Jenn Davidson What are they? Several different Google Ad certification exams. Sales, shopping, mobile sites etc. Google Ads- online advertising service where advertisers pay to display brief

706 views • 9 slides
Using SAML and XACML for Complex Resource Provisioning in Grid based Applications Yuri

Using SAML and XACML for Complex Resource Provisioning in Grid based Applications Yuri

Using SAML and XACML for Complex Resource Provisioning in Grid based Applications Yuri Demchenko, Leon Gommans, Cees de Laat System and Network Engineering Group University of Amsterdam POLICY2007 Workshop 13-15 June 2007, Bologna Outline

532 views • 25 slides
Google Analytics Overview Whats Google Analytics? The Google Analytics

Google Analytics Overview Whats Google Analytics? The Google Analytics

Google Analytics Overview Whats Google Analytics? The Google Analytics implementation formula. Steps involved in installing Google Analytics. Tracking events, campaigns and ecommerce data. Creating goals and funnels

652 views • 40 slides
Oasis SSTC F2F 4 th Feb 2004 W25 - Kerberos &amp; SAML John Hughes, Entegrity Solutions Tim

Oasis SSTC F2F 4 th Feb 2004 W25 - Kerberos &amp; SAML John Hughes, Entegrity Solutions Tim

Oasis SSTC F2F 4 th Feb 2004 W25 - Kerberos &amp; SAML John Hughes, Entegrity Solutions Tim Alsop, CyberSafe Limited Current Document Progress Two documents : Generalised AuthnRequest Profiles Working Draft 02, 1st February 2004

239 views • 7 slides
Integration of OpenCMS into SAP NetWeaver Dimitry Surkov Cologne, June 2009 Agenda Integration

Integration of OpenCMS into SAP NetWeaver Dimitry Surkov Cologne, June 2009 Agenda Integration

Integration of OpenCMS into SAP NetWeaver Dimitry Surkov Cologne, June 2009 Agenda Integration of openCMS into SAP NetWeaver 1. SAP NetWeaver introduction 2. Business case: government services portal of YNAO 3. Integration: openCMS

578 views • 25 slides
CD/MH Integration Workgroup The What and the How of integration CD Integration Workgroup

CD/MH Integration Workgroup The What and the How of integration CD Integration Workgroup

CD/MH Integration Workgroup The What and the How of integration CD Integration Workgroup RECOMMENDATIONS TO THE TASK FORCE July 18, 2014 Each Behavioral Health Organization should provide rapid access to the following billable services along a

790 views • 9 slides
Economic Value of Google Hal Varian Chief Economist Google Value of Google What I'm not

Economic Value of Google Hal Varian Chief Economist Google Value of Google What I'm not

Economic Value of Google Hal Varian Chief Economist Google Value of Google What I'm not going to do Counterfactual estimate of world without Google Alternative histories are like playing tennis with the net down What I am going

681 views • 23 slides
Google tools for civics National Association of Secretaries of State Google Civics Outreach

Google tools for civics National Association of Secretaries of State Google Civics Outreach

Proprietary + Confidential Google tools for civics National Association of Secretaries of State Google Civics Outreach Agenda Proprietary + Confidential Setting up secure Google Accounts Establishing your presence on Google and YouTube

567 views • 39 slides
RPC Metrics at Google JBD, Google (@rakyll) gRPC Metrics at Google JBD, Google (@rakyll)

RPC Metrics at Google JBD, Google (@rakyll) gRPC Metrics at Google JBD, Google (@rakyll)

RPC Metrics at Google JBD, Google (@rakyll) gRPC Metrics at Google JBD, Google (@rakyll) Request Metrics at Google JBD, Google (@rakyll) &quot;100% is the wrong reliability target for basically everything.&quot; -- Benjamin Treynor

452 views • 20 slides
HOWDY! DSA IT Liaisons Communications Committee 10/6/2020 Agenda Tech Tip: Google

HOWDY! DSA IT Liaisons Communications Committee 10/6/2020 Agenda Tech Tip: Google

HOWDY! DSA IT Liaisons Communications Committee 10/6/2020 Agenda Tech Tip: Google Filestream Spirion Client Annual Security Assessment Update Inventory Management DoIT Updates Q&amp;A Google Filestream

518 views • 14 slides
Gustavo H. Kastrup 25th June, 2020 AGENDA 1 INTRODUCTION 2 GOOGLE SHOPPING AROUND THE GLOBE

Gustavo H. Kastrup 25th June, 2020 AGENDA 1 INTRODUCTION 2 GOOGLE SHOPPING AROUND THE GLOBE

15TH ASCOLA CONFERENCE | ANNEX SESSION 2 NEW TOOLS TO OLD ISSUES? WHAT CAN BE LEARNED FROM THE RECENT DECISIONS ON THE GOOGLE SHOPPING CASES Anna Binotto Gustavo H. Kastrup 25th June, 2020 AGENDA 1 INTRODUCTION 2 GOOGLE SHOPPING AROUND

496 views • 12 slides

More recommend