Google • Overview, on page 1 • Getting Started, on page 1 Overview Figure 1: OpenID Connect 1. Request an IdP integration with Cisco. 2. Cisco sends you a questionnaire for you to complete and return. 3. Create a new client app on your IdP. Send its client ID and client secret to Cisco. 4. Cisco configures a third-party IdP that establishes trust with your IdP app. 5. Cisco asks you to test the implementation and verify that it works. Getting Started Before you begin • You must have a relevant Google project already created. Google 1

Google - cisco.com · Google •Overview,onpage1 •GettingStarted,onpage1 Overview Figure1:OpenIDConnect 1. RequestanIdPintegrationwithCisco. 2

Download PDF Report

Upload
others
View
3
Download
0

Embed Size (px)

Citation preview

Google

• Overview, on page 1• Getting Started, on page 1

OverviewFigure 1: OpenID Connect

1. Request an IdP integration with Cisco.

2. Cisco sends you a questionnaire for you to complete and return.

3. Create a new client app on your IdP. Send its client ID and client secret to Cisco.

4. Cisco configures a third-party IdP that establishes trust with your IdP app.

5. Cisco asks you to test the implementation and verify that it works.

Getting StartedBefore you begin

• You must have a relevant Google project already created.

Google1
• Request a third-party IdP integration with Cisco.

• Respond to the questionaire from Cisco.

Step 1 Sign in to the Google Cloud Platform developers console, and select the relevant project.Step 2 Go to Credentials > Create Credentials > OAuth Client ID.Step 3 Select the Web application application type.

• Enter a name for your OAuth client.

• For Restrictions Authorized redirect URIs, add the redirect URI of the third-party IdP from Cisco ashttps://sign-on.security.cisco.com/oauth2/v1/authorize/callback.

Step 4 Leave all other values at their defaults, and click Create.Step 5 Copy the OAuthClient ID andClient Secret, and send them to Cisco, which they'll use when configuring the third-party

IdP.Step 6 Navigate to the OAuth consent screen:

• Application name = SecureX Sign-On

• Application type = Public

• Application logo = (upload the SecureX sign-on logo from Cisco)

• Support email = (change to your support admin on the organizational level)

• Authorized domains = (only top level domains such as cisco.com)

• Application Homepage link = https://sign-on.security.cisco.com

• Application Privacy Policy link =https://trustportal.cisco.com/c/dam/r/ctp/docs/privacydatasheet/security/cisco-secure-sign-on-privacy-data-sheet.pdf

• Application Terms of Service link =https://www.cisco.com/c/en/us/about/legal/cloud-and-software/universal-cloud-agreement.html

Step 7 Leave all other values at their defaults, and click Submit for verification.Step 8 Provide your email for questions or requests from Google during the verification process. While the verification process

can take up to 6 weeks, in some cases they respond within 12 hours. We can still use this before verification, but on theconsent screen, the logo and application will not be seen.

What to do next

Cisco will:

• create and configure the new IdP

• ask you to test the implementation afterwards

• ask you to verify that your SSO works correctly

• help you troubleshoot and resolve any issues

Google2

GoogleGetting Started

GoogleOverviewGetting Started