Steps to Configure Additional Workforce Provider
Following are the steps to configure an additional Workforce provider in the existing Workforce pool.
1. Log in to https://console.cloud.google.com.
2. Search for workforce identity federation in the search box.
3. Under Workforce Identity Pools, click the Workforce Provider that you created for the Chronicle SecOps instance.
4. Click Add provider.
5. Select SAML from the Select a provider drop-down.
6. Provide a display name. Any name is allowed, but it must be unique.
Example: "netenrich-companyname", replacing "companyname" with your company name.
7. Upload the SAML file shared with you by the Netenrich team.
8. Copy the Resource Name for later use.
Note: The screenshot below is for reference only; do not use the names shown in its fields.
9. Add the following SAML attributes in the required fields, as shown in the table.
| Google Fields         | SAML Fields                             |
|-----------------------|-----------------------------------------|
| google.subject        | assertion.subject                       |
| attribute.first_name  | assertion.attributes.first_name[0]      |
| attribute.user_email  | assertion.attributes.user_email[0]      |
| attribute.last_name   | assertion.attributes.last_name[0]       |
| google.groups         | assertion.attributes.group              |
10. Click Save.
11. Note down the Workforce pool ID.
12. In the GCP Console, open the Menu, go to "IAM & Admin" > "IAM", and select the project created for the SecOps instance.
13. Click GRANT ACCESS.
Add the principals below. Replace <Pool ID> with the workforce pool ID you noted in step 11.
principalSet://iam.googleapis.com/locations/global/workforcePools/<Pool ID>/group/chronicle_admin
Map to the Chronicle API Admin role.
principalSet://iam.googleapis.com/locations/global/workforcePools/<Pool ID>/group/chronicle_viewer
Map to the Chronicle API Viewer role.
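The same provider creation (steps 5 to 9) and IAM bindings (step 13) can be scripted with the gcloud CLI. The script below is an added example, not part of the original article or Netenrich's material. It prints the commands by default (DRY_RUN=1) so you can review them before running anything, validates the pool ID before building a principalSet, and assumes that the "Chronicle API Admin" and "Chronicle API Viewer" roles correspond to the role IDs roles/chronicle.admin and roles/chronicle.viewer; the pool, provider, project and metadata file names are placeholders.

```shell
#!/bin/sh
# Added example (not from the original article): gcloud equivalent of
# steps 5-9 (create the SAML provider) and step 13 (grant the two roles).
# DRY_RUN=1 (default) only prints the commands; DRY_RUN=0 executes them.
# Assumption: roles/chronicle.admin and roles/chronicle.viewer are the
# "Chronicle API Admin" / "Chronicle API Viewer" roles named in step 13.
set -u

DRY_RUN="${DRY_RUN:-1}"

# The attribute table from step 9, in the comma-separated CEL form the CLI expects.
ATTRIBUTE_MAPPING='google.subject=assertion.subject,attribute.first_name=assertion.attributes.first_name[0],attribute.user_email=assertion.attributes.user_email[0],attribute.last_name=assertion.attributes.last_name[0],google.groups=assertion.attributes.group'

# Print a command instead of running it when DRY_RUN=1.
run() {
  if [ "$DRY_RUN" = 1 ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Accept only lowercase letters, digits and hyphens, so a typo or a pasted
# display name cannot turn into a malformed (and silently useless) binding.
valid_pool_id() {
  case "$1" in
    ""|*[!a-z0-9-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Build the principalSet identifier from step 13 for one IdP group.
workforce_principal() {
  pool="$1"; group="$2"
  valid_pool_id "$pool" || return 1
  printf 'principalSet://iam.googleapis.com/locations/global/workforcePools/%s/group/%s\n' "$pool" "$group"
}

# Steps 5-9: create the SAML provider from the IdP metadata file.
create_provider() {
  pool="$1"; provider="$2"; metadata="$3"
  run gcloud iam workforce-pools providers create-saml "$provider" \
    --workforce-pool="$pool" --location=global \
    --display-name="$provider" \
    --idp-metadata-path="$metadata" \
    --attribute-mapping="$ATTRIBUTE_MAPPING"
}

# Step 13: bind chronicle_admin and chronicle_viewer to their roles on the project.
grant_chronicle_roles() {
  project="$1"; pool="$2"
  admin="$(workforce_principal "$pool" chronicle_admin)" || return 1
  viewer="$(workforce_principal "$pool" chronicle_viewer)" || return 1
  run gcloud projects add-iam-policy-binding "$project" --member="$admin" --role=roles/chronicle.admin
  run gcloud projects add-iam-policy-binding "$project" --member="$viewer" --role=roles/chronicle.viewer
}

# Usage with placeholder names: `sh wif-provider.sh plan` prints the plan.
if [ "${1:-}" = "plan" ]; then
  create_provider my-workforce-pool netenrich-examplecorp ./netenrich-idp-metadata.xml
  grant_chronicle_roles my-secops-project my-workforce-pool
fi
```

Review the printed commands, then rerun with DRY_RUN=0 once the pool ID, project and metadata path are the real ones; the group names chronicle_admin and chronicle_viewer must match the groups mapped in steps 17 to 28.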
14. Log in to the Chronicle instance.
15. Navigate to SIEM Settings -> User & Groups.
16. Click Assign New.
17. Under IDP Groups, type chronicle_admin.
18. Select Administrator from the Assign Role drop-down.
19. Click Assign.
20. Similarly, add chronicle_viewer and assign it the Viewer role.
21. Map the following groups in the IDP mapping for SOAR.
22. Navigate to Settings -> SOAR Settings -> IDP Group Mapping.
23. Click the + icon.
24. For IDP group, type chronicle_admin.
25. For permission group, select Admins.
26. For SOC Role, select Administrator.
27. Similarly, add chronicle_viewer and assign it the view-only role.
28. For SOC Role, select Tier1.
29. Share the Resource Name (from step 8) with the Netenrich team.