Ad Widget

Collapse

How to setup JIT users in Zabbix SSO using Google Workspace

Collapse
This topic has been answered.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Beetle
    Junior Member
    • Sep 2024
    • 8
    #1

    How to setup JIT users in Zabbix SSO using Google Workspace

    I have recently upgraded to v7.0.3 and am able to setup SAML SSO using Google workspace by creating local users in Zabbix. Now I'm trying to setup SAML - JIT using Google workspace without creating local users in Zabbix.

    After successfully authenticated with the Google I'm facing the below error in Zabbix page.

    Click image for larger version Name: image.png Views: 354 Size: 8.3 KB ID: 492308


    Under user group mapping, I have added a group from google workspace in group pattern.
    Click image for larger version Name: image.png Views: 268 Size: 17.2 KB ID: 492309
    Click image for larger version Name: image.png Views: 273 Size: 17.8 KB ID: 492310

    In Google workspace I have added the group in App attribute.

    Click image for larger version Name: image.png Views: 266 Size: 56.9 KB ID: 492311


    Can anyone provide the setup steps for JIT using Google Workspace.
    Tags: google, jit, saml, sso, zabbix
    • Answer selected by Beetle at 10-10-2024, 11:00.
      Beetle
      Junior Member
      • Sep 2024
      • 8
      The issue is now resolved. I'm successfully able to login via SSO as a JIT provisioned user.

      The only mistake I made is to mention the Group Name instead of the Group Mail ID.

      Click image for larger version Name: image.png Views: 261 Size: 17.8 KB ID: 492550


      In Google Groups,

      ​​
      3 SAML
      https://www.zabbix.com
      Last edited by Beetle; 10-10-2024, 11:00.
        • Selected Answer

        Comment

        • jhboricua
          Senior Member
          • Dec 2021
          • 113
          #2
          I'm going to assume that the group being setup is not actually [email protected] but admins@<your google workspace domain>, right?

            Comment

            • jhboricua
              Senior Member
              • Dec 2021
              • 113
              #3
              I'm going to assume that the group you're setting up is not actually what's on the screenshot but admins at <your Google Workspace domain suffix>?

                Comment

                • Beetle
                  Junior Member
                  • Sep 2024
                  • 8
                  #4
                  Yes you are correct. The actual domain is something else.

                    Comment

                    • jhboricua
                      Senior Member
                      • Dec 2021
                      • 113
                      #5
                      Do you have to do something on the Google side of things for JIT as described here?

                      Configure just-in-time provisioning  |  Google Security Operations  |  Google Cloud Documentation
                      https://cloud.google.com/chronicle/docs/soar/admin-tasks/saml-soar-only/what-is-justintime-user-provisioning

                        Comment

                        • Beetle
                          Junior Member
                          • Sep 2024
                          • 8
                          #6
                          The issue is now resolved. I'm successfully able to login via SSO as a JIT provisioned user.

                          The only mistake I made is to mention the Group Name instead of the Group Mail ID.

                          Click image for larger version Name: image.png Views: 261 Size: 17.8 KB ID: 492550


                          In Google Groups,

                          ​​
                          3 SAML
                          https://www.zabbix.com
                          Last edited by Beetle; 10-10-2024, 11:00.
                            • Selected Answer

                            Comment

                            Previous template Next
                            Working...