There are several different ways to authenticate users in the Google SecOps
SOAR platform after you configure the SAML provider. Use the following procedure to authenticate users:
Go to SOAR Settings > Advanced > External Authentication.
Click
add
Add in the Provider screen.
In the Provider Type field, select the required SAML provider. For example, Okta or
Google Workspace.
In the Provider Name field, enter the name of the instance. For example,
Okta Customer name.
For Configuration settings, fill out the fields as detailed in the following table:
Field
Description
Provider name
Add the name of the provider.
IDP Metadata
The IDP Metadata is SAML metadata and is
used to share configuration information between the Identity
Provider (IdP) and the Service Provider (SP). If you use a
certificate, set WantAuthnRequestsSigned="true" in
the XML. If you're not using a certificate, set it to
false.
Identifier
The service provider identifier in the SAML provider.
This is called different names in different service providers. For example,
this is called Entity ID in Google Workspace.
ACS URL
Google SecOps SOAR
server name. Can be an IP URL, Host Name URL, or Local Host
URL. To sign in with SAML, you need to connect to the platform with the same
URL pattern configured in this field.
The URL must contain the IP address of the Google SecOps SOAR server,
followed by /saml2.
Unsolicited Response
Also known as IdP-Initiated response, this field lets SAML users enter the Google SecOps SOAR platform
directly from their SAML IdP application. For example,
if your company uses Okta, you can configure it so that users can
enter Google SecOps SOAR through the Okta application. Note:You can only use Unsolicited Response when there's one SAML provider
configured in the platform.
Auto-redirect
With auto-redirect enabled, users who aren't logged in are automatically
redirected to the IdP to log in. To force a user to sign in to the
platform directly while auto-redirect is enabled, add to the URL; for example,
https://example.com/#/login?autoExternalLogin=false.Note:You can only use this option when there's one provider configured.
Click Test to verify that the configuration works.
Click Save.
Select one of the user creation types as needed:
Manual: Add users, individually,
in the User Management window. For
information on how to add users, see Add users to the platform.
Just in Time: Automatically create the user (at log in) in Google SecOps. When you select this option, an advanced tab opens
with more parameters. For more information, see
Just in Time Provisioning.
IdP Group Mapping: Create the user automatically in Google SecOps based on the IdP group assignment. When you select this
option, an advanced tab opens with more parameters. For more information on IdP group mapping, see
IdP group mapping (SOAR only).
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[[["\u003cp\u003eThis guide is specifically for configuring SAML authentication for the standalone Google Security Operations SOAR platform.\u003c/p\u003e\n"],["\u003cp\u003eThe process involves configuring a SAML provider, which can be Okta, Google Workspace, or Azure, and the documentation provides specific instructions for each.\u003c/p\u003e\n"],["\u003cp\u003eThe configuration steps are completed in the SOAR settings under \u003cstrong\u003eExternal Authentication\u003c/strong\u003e, where you will add a provider with relevant information, including provider name, IDP Metadata, Identifier, and ACS URL.\u003c/p\u003e\n"],["\u003cp\u003eAfter configuring the provider, you can choose between Manual, Just-in-Time, or IdP Group Mapping user creation methods to manage users within the SOAR platform.\u003c/p\u003e\n"],["\u003cp\u003eUnsolicited Response and Auto-redirect are available options for specific sign in situations, however these only work when one SAML provider is configured within the SOAR platform.\u003c/p\u003e\n"]]],[],null,["# Authenticate users using SSO (SOAR only)\n========================================\n\nSupported in: \n[SOAR](/chronicle/docs/secops/google-secops-soar-toc) \n| **Note:** This document is for customers using the standalone SOAR platform only.\n\nThis document describes how to configure a SAML provider. \n\n- If you are using Okta -- read [Configure\n Okta in Google Security Operations SOAR](/chronicle/docs/soar/admin-tasks/saml-soar-only/saml-configuration-for-okta) first.\n- If you're using Google Workspace, see [SAML\n configuration for Google Workspace](/chronicle/docs/soar/admin-tasks/saml-soar-only/saml-configuration-for-g-suite) first.\n- If you're using Azure, see [SAML\n configuration for Azure](/chronicle/docs/soar/admin-tasks/saml-soar-only/saml-configuration-for-azure) first.\n\n\u003cbr /\u003e\n\nThere are several different ways to authenticate users in the Google SecOps SOAR platform after you configure the SAML provider. Use the following procedure to authenticate users:\n\n1. Go to **SOAR Settings \\\u003e Advanced \\\u003e External Authentication**.\n2. Click add **Add** in the Provider screen.\n3. In the **Provider Type** field, select the required SAML provider. For example, Okta or Google Workspace.\n4. In the **Provider Name** field, enter the name of the instance. For example, Okta Customer name.\n5. For **Configuration** settings, fill out the fields as detailed in the following table:\n\n6. Click **Test** to verify that the configuration works.\n7. Click **Save**.\n8. Select one of the user creation types as needed:\n - **Manual** : Add users, individually, in the **User Management** window. For information on how to add users, see [Add users to the platform](/chronicle/docs/soar/admin-tasks/user-soar-only/how-do-i-add-a-new-user-to-the-platform).\n - **Just in Time** : Automatically create the user (at log in) in Google SecOps. When you select this option, an advanced tab opens with more parameters. For more information, see [Just in Time Provisioning](/chronicle/docs/soar/admin-tasks/saml-soar-only/what-is-justintime-user-provisioning).\n - **IdP Group Mapping** : Create the user automatically in Google SecOps based on the IdP group assignment. When you select this option, an advanced tab opens with more parameters. For more information on IdP group mapping, see [IdP group mapping (SOAR only)](/chronicle/docs/soar/admin-tasks/saml-soar-only/idp-group-mapping-soar-only).\n\n**Need more help?** [Get answers from Community members and Google SecOps professionals.](https://security.googlecloudcommunity.com/google-security-operations-2)"]]
