Tech Note--Configuring Mirror Gateway for G Suite with Ping
Symantec CloudSOC Tech Note
Copyright statement
Broadcom, the pulse logo, Connecting everything, and Symantec are among the trademarks of Broadcom. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. For more information, please visit www.broadcom.com. Broadcom reserves the right to make changes without further notice to any products or data herein to improve reliability, function, or design. Information furnished by Broadcom is believed to be accurate and reliable. However, Broadcom does not assume any liability arising out of the application or use of this information, nor the application or use of any product or circuit described herein, neither does it convey any license under its patent rights nor the rights of others.
Copyright © 2020 Symantec Corp.
Table of Contents
Introduction
Prerequisites
Gather metadata in CloudSOC Store
Configure Mirror Gateway in Ping
Create a custom SAML app in Ping
Federate Mirror Gateway with G Suite
Configure IdP metadata in CloudSOC
Mirror Gateway Hybrid Mode
Revision history
Introduction
This Tech Note describes how to configure the G Suite Gatelet Mirror Gateway features using Ping as an Identity Provider (IdP).
Mirror Gateway forwards all traffic tracked by the CloudSOC G Suite Gatelet to the CloudSOC Gateway for monitoring, including traffic that originates from devices that have neither the Reach agent nor the CloudSOC PAC file installed.
Prerequisites
You must already have configured:
● Ping as your IdP
● A G Suite account for administrator access
Gather metadata in CloudSOC Store
1. In CloudSOC, select Store.
2. In the Gatelets area of the Store page, click See all.
3. Hover over the G Suite tile and select Activate with Mirror Gateway.
4. From the Configure SAML Federation box, copy the following URLs and paste them into a text document:
● SSO Post URL
● Issuer URL (Entity ID)
5. Click Download Certificate and save the resulting certificate to a temporary location. You will use this certificate as the Verification certificate in a later procedure.
6. Click Cancel and continue with the procedures in Configure Mirror Gateway in Ping.
Configure Mirror Gateway in Ping
Perform the steps in the following sections after you gather the necessary metadata from the CloudSOC Store.
Create a custom SAML app in Ping
1. In Ping, navigate to Applications, then select SAML, then click New SAML Application.
2. Configure the Application Details as follows, then click Continue to Next Step.
● Application Name: Any convenient name, such as "G Suite RP"
● Application Description: Any convenient description
● Category: Other
● Graphics: Leave blank
3. Configure the following SAML settings in the Application Configuration. Leave all other settings in their default states:
● Assertion Consumer Service (ACS): Paste the SSO Post URL you got from the CloudSOC Activate Mirror Gateway box.
● Entity ID: Paste the Issuer URL (Entity ID) you got from the CloudSOC Activate Mirror Gateway box.
● Single Logout Endpoint: https://app.elastica.net/saml2/ls/
4. Click Continue to Next Step.
5. In the SSO Attribute Mapping area, add the following statements:
Application Attribute | Identity Bridge Attribute or Literal Value
gsuite-nameID | Email
User.email | Email
6. Click Continue to Next Step.
7. In the Group Access step, add the groups that are authorized to use the Mirror Gateway.
8. On the Review Setup page, click Download to obtain the SAML Metadata file.
9. Click Finish.
Federate Mirror Gateway with G Suite
1. Log in to the Google admin account console at https://admin.google.com.
2. Select Security - Settings and then select Set up single sign-on (SSO).
3. Select Setup SSO with third party identity provider. Enter the Sign-in URL that you copied from CloudSOC in the section Gather metadata in CloudSOC Store.
Use the following URL as Sign-out URL (SSO is not supported by GSuite):
4. Upload the certificate that you downloaded from CloudSOC in the section Gather metadata in CloudSOC Store as the Verification certificate.
Note: If the certificate from CloudSOC shows an error during the Save procedure, you can convert the certificate to a different format using OpenSSL:
    openssl x509 -outform der -in certificate.pem -out certificate.der
5. Save the changes.
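The OpenSSL conversion from the Note in step 4, extended into an added example (not part of the original Tech Note) that detects whether a certificate file is PEM or DER, converts it, and compares SHA-256 fingerprints so you can confirm that the file uploaded as the Verification certificate is the one downloaded from CloudSOC. The function names and the throwaway self-signed certificate are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: helper names and file names are assumptions, not Symantec tooling.

# Report how a certificate file is encoded: pem, der or unknown.
cert_format() {
  if grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then
    echo pem
  elif openssl x509 -inform der -in "$1" -noout >/dev/null 2>&1; then
    echo der
  else
    echo unknown
  fi
}

# Print the SHA-256 fingerprint of a certificate in either encoding.
cert_fingerprint() {
  local fmt
  fmt=$(cert_format "$1")
  if [ "$fmt" = unknown ]; then return 1; fi
  openssl x509 -inform "$fmt" -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Write a DER copy of $1 to $2 and succeed only if both files carry the
# same certificate (same fingerprint).
cert_to_der() {
  case $(cert_format "$1") in
    pem) openssl x509 -outform der -in "$1" -out "$2" ;;
    der) cp "$1" "$2" ;;
    *)   echo "not an X.509 certificate: $1" >&2; return 1 ;;
  esac
  [ "$(cert_fingerprint "$1")" = "$(cert_fingerprint "$2")" ]
}

# Constructed sample input: a throwaway self-signed certificate that stands in
# for the file downloaded from the CloudSOC Store.
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=sample.invalid" \
    -keyout "$1/key.pem" -out "$1/certificate.pem" 2>/dev/null
}

work=$(mktemp -d)
make_sample_cert "$work"
cert_to_der "$work/certificate.pem" "$work/certificate.der"
echo "PEM fingerprint: $(cert_fingerprint "$work/certificate.pem")"
echo "DER fingerprint: $(cert_fingerprint "$work/certificate.der")"
rm -rf "$work"
```

Matching fingerprints mean the DER file is a re-encoding of the same certificate, not a different one.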
Configure IdP metadata in CloudSOC
1. In CloudSOC, return to Store, then select Gatelets, and then select G Suite.
2. Hover over the G Suite tile and select Activate with Mirror Gateway.
3. Click Next: Provide SSO Provider Metadata.
4. In the Metadata from your SSO Provider area, click Metadata URL.
5. Paste the SAML Metadata file you copied from Ping in the section Create a custom SAML app in Ping.
6. Click Complete Activation.
7. Wait a few minutes, then check the G Suite Gatelet tile in the CloudSOC Store to make sure Mirror Gateway is enabled.
Mirror Gateway Hybrid Mode
If you have the Mirror Gateway activated and the Reach agent is enabled in Mirror Gateway Hybrid Mode, the Reach agent will continue to work in Hybrid Mode. If you disable Hybrid Mode, the Mirror Gateway is activated as soon as you log out of your SaaS application and log back in.
Revision history
Date | Version | Description
22 January 2020 | 1.0 | Initial release