This article describes how to configure SMA and G Suite to use SAML for authentication.
Resolution
The steps listed below enable SAML on the KACE SMA and configure it to work with Google G Suite as the identity provider.
Step 1: Create new SAML app in G Suite and download metadata file
Sign in to the Google admin console as a super administrator for the G Suite account you are setting up. (note: this account does not end in @gmail.com)
Within the G Suite admin console home page, go to Apps → SAML apps.
Click Add App → Add Custom SAML App
In the App details page, type a name for the app (e.g. KACE SMA 1) and click Continue
Click Download Metadata to download the IDP metadata file
Click Continue
Step 2: Configure SMA to use SAML and then get the SP identifier URLs from the appliance
In a separate browser window, log in to the SMA as administrator
Within the SMA admin UI, navigate to Settings→Control Panel→SAML Configuration
Check the checkbox for Enable SAML Service Provider
Check the checkbox for IdP Does not Support Passive Authentication
Under the Identity Provider Settings, click the button for Enter XML Data
Copy and paste the text from the downloaded G Suite metadata file into the textbox and click Import IdP Metadata (The XML data will be parsed and the SMA SAML settings will be automatically populated from that data)
Scroll to the bottom of the page to the Local Service Provider Settings and click the button for View Metadata (note the URLs for "SP Entity Identifier (url)" and "SP Assertion Consumer Service (url)", as these identifier URLs will be entered into the G Suite setup in the next step)
Click Save
Step 3: Enter the service provider identifier URLs from the SMA into G Suite
Back in the Google admin console, in the text field for ACS URL, paste the "SP Assertion Consumer Service" URL from the SMA
In the text field for Entity ID, paste the "SP Entity Identifier" URL from the SMA
For NameIDFormat, select EMAIL
For NameID, select Basic Information > Primary Email
Click Continue
Step 4: Specify the Google Directory attributes you would like to map to SAML attributes in G Suite
Click Add Mapping
In the dropdown list, choose the Google Directory attribute you would like to map
To the right of this field (under App attributes), type a custom attribute name for each Google Directory attribute. Examples: Primary Email → email; Last Name → lastname; Department → department
Once you have entered all the attributes you would like to map, click Finish
Step 5: Specify the SAML attributes you would like to map in SMA and specify roles
On the SMA SAML configuration page, scroll to the IdP Attribute Mappings section and click the radio button for Use SAML
In the column for SAML Claim, type in the custom attribute names you created in G Suite. You can reuse the custom attribute names for multiple SMA user fields (e.g. a custom attribute "email" can be used for both the SMA Login and SMA Primary Email). Note: SMA user fields for "Login" and "Primary Email" both require custom attributes, and typically the custom email attribute is used for both fields.
Role mapping is optional, and unmapped users will be assigned the default role. It is generally good practice to specify a default role (such as Administrator) for unmatched users
Click Save
Step 6: Enable the SAML app in G Suite
Back in the Google admin console, select the SAML app you just created
Press the down caret to expand the "User Access" section
Product(s):
KACE Systems Management Appliance
KACE as a Service
Topic(s):
How To
Article History:
Created on: 5/13/2021 Last Update on: 5/7/2023