Symantec Web Security Service (WSS) cloud application
You must be signed in as a super administrator for this task.
Using Security Assertion Markup Language (SAML), your users can use their Google Cloud credentials to sign in to enterprise-cloud applications.
Set up SSO via SAML for Symantec Web Security Service (WSS)
Here's how to set up single sign-on (SSO) via SAML for the Symantec Web Security Service (WSS)® application.
Step 1: Set up Google as a SAML identity provider (IdP)-
Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
-
From the Admin console Home page, go to Apps
SAML apps.
To see Apps on the Home page, you might have to click More controls at the bottom.
- Click the plus (+) icon at bottom right.
- Locate and click SymantecWSS in the application list.
- On the Google IDP Information page:
- Copy and save the SSO URL and Entity ID.
- Download the Certificate.
- Click Next.
The Basic information window shows the Application name and Description seen by users.
- Click Next.
On the Service Provider Details page, the ACS URL and Entity ID values for Symantec Web Security Service are configured by default.
- Click Finish.
- Click OK.
- On the Settings for SymantecWSS page, click Attribute Mapping
Add New Mapping.
- Enter the following information for the new mapping:
- Application attribute: group
- Select category: Employee Details
- Select user field: Department
- Click Save.
- Open a new incognito browser window.
- Sign in to the Symantec Web Security Service portal at https://portal.threatpulse.com with your organization's Symantec Web Security Service administrator account.
- Click Solutions at top left, then click Service.
- Click the Authentication tab, then the SAML tab.
- Enter or select the following values:
- Entity ID: the Entity ID you copied in Step 1 above.
- Endpoint URL: the SSO URL you copied in Step 1.
- Endpoint Type: Post Endpoint
- Group Attribute: group
- Click Add New Certificate and paste the certificate you downloaded in Step 1 into the certificate window.
- Click OK.
- Click Save.
- Click the Network tab at top, then click the Locations tab.
- Click Add Location.
- In the Add Location dialog, enter a Location Name for the new network, an Access Method, and other required information.
For more information on adding network locations, see "Add a Service Access Location" in the Symantec Web Security Service Solutions WebGuide.
- Click Save.
-
Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
-
From the Admin console Home page, go to Apps
SAML apps.
To see Apps on the Home page, you might have to click More controls at the bottom.
- Select SymantecWSS.
-
At the top right of the gray box, click Edit Service
.
-
To turn on or off a service for everyone in your organization, click On for everyone or Off for everyone, and then click Save.
-
To turn on or off a service only for users in an organizational unit:
- At the left, select the organizational unit.
- Select On or Off.
- To keep the service turned on or off even when the service is turned on or off for the parent organizational unit, click Override.
- If the organization's status is already Overridden, choose an option:
- Inherit—Reverts to the same setting as its parent.
- Save—Saves your new setting (even if the parent setting changes).
Learn more about organizational structure.
- Ensure that your Symantec Web Security Service (WSS) user account email IDs match those in your Google domain.
- Open a new browser window and open your browser's network settings > proxy settings.
- Set proxy settings to "proxy.threatpulse.net:8080", and save.
- In your browser, navigate to any website. You should be automatically redirected to the Google sign in page.
- Enter your sign in credentials.
- After your sign in credentials are authenticated, you should be redirected back to the website you were browsing.