STEP 1 - Google G Suite SAML Configuration
- Log in to the G Suite administration console at https://admin.google.com.
- Click the SAML box, then click the plus icon in the bottom-right of the page. The Enable SSO for SAML Application appears.
- Scroll down the list of SAML Applications and locate Symantec WSS.
- Click the arrow on the right of the SymantecWSS line.
- Click Download under Option 2 to save the Google Identity Provider (IdP) file. This file will be used later in the WSS portal to complete the association between Google and WSS.
- Click Next.
- Confirm basic information for your new SAML application.
- Confirm that the page displays the same information as the above image, and click Next.
- Define the Symantec Web Security Service details:
  - ACS URL: https://saml.threatpulse.net:8443/saml/saml_realm/bcsamlpost
  - Entity ID: https://saml.threatpulse.net:8443/saml/saml_realm
  - You may leave other fields in their default state. Click Next.
- Define the user and group identifiers for authentication. The group definitions that may currently exist in your WSS configuration cannot be imported to the G Suite authentication service. This page allows you to map group attributes to the Department group.
  - Click Add New Mapping to use the Department field as the user group. The groups defined here as Departments can be used in WSS group policy.
- Click Finish.
After you complete the G Suite application setup wizard, G Suite displays a settings page.

Click the three-dot menu in the top right and select ON for everyone to enable SAML authentication for all users.
STEP 2 - Federate G Suite With the Web Security Service Portal
- Log in to the WSS portal at https://portal.threatpulse.com and go to Service > Authentication > SAML.
- Click Import Metadata and browse your system for the IdP file you saved earlier.
  - Click Import Metadata and locate the XML file you saved from the Google SAML configuration; its name begins with GoogleIDPMetadata.
  - The Entity ID and Endpoint URL fields auto-populate based on the contents of the IdP file.
- Set the endpoint type as Post Endpoint.
- Type Department in the Group Attribute field.
- Click Save.
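
The IdP file can be checked offline before it is imported, so that the values the portal auto-populates can be compared against what the file actually contains. The script below is an added example, not part of the Symantec or Google documentation; the function name `summarize_idp_metadata`, the hostnames and the certificate bytes in `SAMPLE` are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample, not a real Google export: hostnames are placeholders and
# the certificate body is base64 of the bytes b"dummy-cert".
SAMPLE = f"""<md:EntityDescriptor xmlns:md="{MD}" entityID="https://idp.example.test/saml2?idpid=PLACEHOLDER">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="{DS}"><ds:X509Data>
   <ds:X509Certificate>ZHVtbXktY2VydA==</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleSignOnService Binding="{REDIRECT}" Location="https://idp.example.test/sso/redirect"/>
  <md:SingleSignOnService Binding="{POST}" Location="https://idp.example.test/sso/post"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>""".encode()

def summarize_idp_metadata(xml_bytes):
    """Return the values to compare with the portal; raise ValueError on problems."""
    # SAML metadata never needs a DTD; refuse it rather than let the parser expand entities.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD or entity declarations do not belong in SAML metadata")
    root = ET.fromstring(xml_bytes)
    idp = root.find(f"{{{MD}}}IDPSSODescriptor")
    if root.tag != f"{{{MD}}}EntityDescriptor" or idp is None:
        raise ValueError("not a SAML IdP metadata document")
    # The portal is set to Post Endpoint, so the file must offer an HTTP-POST binding.
    post = [s.get("Location", "") for s in idp.findall(f"{{{MD}}}SingleSignOnService")
            if s.get("Binding") == POST]
    if not post or not post[0].startswith("https://"):
        raise ValueError("no HTTPS HTTP-POST SingleSignOnService endpoint")
    # A KeyDescriptor without a "use" attribute applies to signing as well.
    certs = [c.text or "" for kd in idp.findall(f"{{{MD}}}KeyDescriptor")
             if kd.get("use") in (None, "signing")
             for c in kd.iter(f"{{{DS}}}X509Certificate")]
    if not certs:
        raise ValueError("no signing certificate in metadata")
    der = [base64.b64decode("".join(c.split())) for c in certs]
    return {"entity_id": root.get("entityID"),
            "post_endpoint": post[0],
            "signing_cert_sha256": [hashlib.sha256(d).hexdigest() for d in der]}

if __name__ == "__main__":
    for key, value in summarize_idp_metadata(SAMPLE).items():
        print(f"{key}: {value}")
```

To check a real download, pass the bytes of the saved GoogleIDPMetadata file instead of `SAMPLE` and compare the output with the Entity ID and Endpoint URL fields shown in the portal.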

- Browse to Service > Authentication > Authentication Policy in the portal.
- Create rule(s) to associate your new SAML realm with users who browse through Web Security Service.
  - Click Add Rule.
  - Choose the access method your users use. If your users access WSS from both methods, repeat this process to create a rule for each access method.
- Select the locations supported by your access method to enforce SAML authentication policy against.
  - Select the locations you want to apply SAML authentication policy to.
  - Click Add.
  - Click Next.
- Enable Captive Portal for the selected location.
  - Click the switch to Enable Captive Portal.
  - Select SAML as the Authentication method.
  - (Optional) Change the lifespan of the authentication cookie by setting the Auth refresh frequency.
  - Click Finish.
- Enable your new authentication rule.
  - Check the box next to the new rule.
  - Click Activate to enable the new rule.
