Google Authentication (SAML)

1. In the Ivanti Neurons Platform, navigate to Admin > Authentication.

   The Authentication page appears.

2. In the External Authentication (SSO) section, click Configure & Enable.

   The Enable External Authentication (SSO) page appears.

3. From the Provider drop-down, select Google.

4. From the Sign-In Method drop-down, select Saml 2.0.

   Google SAML 2.0 Configuration Settings appears. It is recommended to leave this tab open for future reference when configuring the details in Google Admin console.
   

1. Log in to Google Admin console.

2. Navigate to Apps > Web and mobile apps.

3. Click Add app, then select Add custom SAML app.

   The App details page appears.

4. Enter a name for the SAML app and click CONTINUE.

5. Select DOWNLOAD METADATA to download the metadata file and click CONTINUE.

6. Enter the values in the Service provider details available in the Ivanti Neurons tab that was open:

   • ACS URL: Assertion Consumer Service URL.

   • Entity ID: Unique identifier.

7. Select Signed response and click CONTINUE.

8. Click ADD MAPPING and enter the details in the Google Directory attributes:

   • First name: given_name.

   • Last name: family_name.

   • Primary email: email.

9. Click FINISH.

   The application is now created in Google.

10. On the Web and mobile apps, follow these steps to grant access to appropriate administrator groups:

    1. Click View details under User access.

    2. Select Administrators from the drop-down of Groups.

    3. Enable the Service status and click Save.

       All members of the administrator group will now have access to the application.

11. Navigate to Ivanti Neurons Platform and click Select file.

12. Open the downloaded metadata file and click Upload to complete the upload.

13. Click Continue.

You must connect with your Google credentials to validate your connection settings.

1. On the Validate Connection Settings page, click Validate Settings.

   The validation takes place automatically. You will receive a confirmation screen if login is successful.

2. Return to the Validate Connection Settings page and select the check box to confirm login success.

   Google is now configured, but it is not enabled. To enable, you need to convert your Ivanti Neurons Platform accounts to Google.

3. Click Continue to proceed to the Convert your Ivanti Neurons platform account page.

• E2018 Authentication failed: User failed to authenticate with Google. Check that the username and password are correct, and that the user has permissions on the Google Application Registration.

• E2019 Missing optional claims: Validation step failed because the additional optional claims were not present in the token returned to Ivanti Neurons Platform from Google.

• E2020 Unable to link to Neurons Platform user account: The Google user login does not match with the Ivanti Neurons Platform user. The Ivanti Neurons Platform user account email address must match the email address used to login into Google.

1. On the Convert your Ivanti Neurons platform account page, click Sign Out & Enable. Ivanti Neurons is signed-out.

2. Click Sign in with Google to complete the process.

3. You can now view Google application in Admin > Authentication with an Enabled status.

4. Click Sign out from the Neurons platform.

   Now, when you sign back in, you are routed to Google to choose the account and sign in with Google credentials.

1. In Ivanti Neurons Platform navigate to Setup > Authentication.

   The Authentication Method page appears.

2. In the External Authentication section, click Actions and select Enable auto provisioning.

3. From the Default roles drop-down, select the access control role that you want to be assigned to all new members.

   To set up Roles, go to Ivanti Neurons > Admin> Roles.

4. Click Enable Auto Provisioning to confirm the role selection and enable auto provisioning for all new members.