SSLVPN authentication with SAML and Google Workspace

Description

This article explains how to configure SSLVPN authentication using SAML and Google Workspace. When a user tries to connect to the SSLVPN, the firewall generates a SAML request, which redirects the user to Google Workspace (acting as the Identity Provider). The Identity Provider authenticates the user and generates a SAML response. The firewall then verifies the SAML response and logs the user in.

Resolution

Resolution for SonicOS 7.X

This release includes SSLVPN authentication using SAML and Google Workspace. The resolution below is for customers using SonicOS 7.X firmware.

Step 1:

To configure the SAML service provider, navigate to Device > User > Settings > SAML Service Provider > Configure.
Add a SAML service provider, select the type as domain and service and SSLVPN, then save.

Export Service Provider Metadata 

Save the exported metadata file in the Downloads folder on your PC.


Step 2:


Open your Google Workspace, navigate to Directory > Groups, and then click on Create Group.



To configure the access type, select the options as below:

After creating the group, add members as below:

After adding the member to the group, navigate to Apps > Web and mobile apps > Add app > Add custom SAML app.

Save the metadata and click Continue.

Step 3:

After configuring the groups and adding users in Google Workspace, log in to the SonicWall UI and navigate to:
Device > User Settings > SAML Configuration > SAML Identity Provider, then click Configure.

Add the metadata that was downloaded from Google Workspace.

Configure the SAML profile:

Navigate to Network > SSLVPN > Server Settings and select the authentication type as SAML.

After adding the authentication type, configure the SAML profile as below:

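Steps 1 to 3 depend on exchanging two metadata files, so it helps to read the entity ID, endpoint URLs and signing-certificate fingerprint out of each file before importing it on the other side. The Python script below is an added example, not SonicWall or Google code; it assumes both exports are standard SAML 2.0 metadata XML, and the sample documents, host names, `idpid` value and certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def summarize_metadata(xml_text):
    """Extract the values to compare by eye before importing a metadata file."""
    # SAML metadata never needs a DTD; refuse it rather than expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("unexpected DTD or entity declaration")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML 2.0 EntityDescriptor")
    sp = root.find("md:SPSSODescriptor", NS)
    role = sp if sp is not None else root.find("md:IDPSSODescriptor", NS)
    if role is None:
        raise ValueError("no SP or IdP role descriptor")
    # SP metadata lists ACS URLs; IdP metadata lists single sign-on URLs.
    tag = "md:AssertionConsumerService" if sp is not None else "md:SingleSignOnService"
    endpoints = [e.get("Location", "") for e in role.findall(tag, NS)]
    prints = [hashlib.sha256(base64.b64decode("".join((c.text or "").split()))).hexdigest()
              for c in role.findall(".//ds:X509Certificate", NS)]
    warnings = ["endpoint is not HTTPS: " + u for u in endpoints
                if not u.lower().startswith("https://")]
    if sp is None and not prints:
        warnings.append("IdP metadata has no signing certificate")
    return {"role": "SP" if sp is not None else "IdP",
            "entity_id": root.get("entityID"), "endpoints": endpoints,
            "cert_sha256": prints, "warnings": warnings}

# Constructed sample input: placeholder host names, idpid and certificate bytes.
FAKE_DER = b"constructed placeholder, not a real certificate"
SAMPLE_IDP = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://accounts.google.com/o/saml2?idpid=CONSTRUCTED">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{base64.b64encode(FAKE_DER).decode()}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Location="https://accounts.google.com/o/saml2/idp?idpid=CONSTRUCTED"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
  </md:IDPSSODescriptor></md:EntityDescriptor>"""
SAMPLE_SP = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" entityID="https://vpn.example.com/sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0" Location="http://vpn.example.com/acs"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor></md:EntityDescriptor>"""
```

Pass the text of the file exported in Step 1 and of the file saved in Step 2 to `summarize_metadata`; the constructed SP sample deliberately uses an `http://` ACS URL so the warning path is visible.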


