Onboarding Users onto Dune Security from Google Workspace

Complete service account creation, SSO setup, API scopes configuration, and SCIM provisioning.

Overview

Integrating Dune Security with Google Workspace enables robust identity management, supporting user provisioning, SSO, and enhanced security controls.

Pre-Session Requirements

Before you begin the integration, ensure that you have:

• Admin access to Google Workspace.
• Admin access to your Dune Security account.
• The necessary API tokens and credentials for both platforms.

Step-by-Step User Onboarding

1. Set Up and Configure Single Sign-On (SSO)

1. Access Google Admin Console:
   • Go to Apps > Web and mobile apps.
2. Create a New Application:
   • Click Add app > Add custom SAML app.
   • Enter Dune Security and continue.
3. Configure SSO in Dune Security:
   • In a new tab, go to SSO Settings in Dune Security.
4. Add SAML Certificates:
   • Manually input:
     • SSO URL
     • Entity ID
     • Certificate
   • Enter email domains and click Submit.
5. Complete Basic SAML Configuration:
   • Use values from Dune Security:
     • ACS URL: From Application Details
     • Entity ID: From Application Details
     • Start URL: https://dune.security/login/
   • Click Continue, then Submit.
6. SAML Attribute Mapping:
   • Google Directory Attributes: Primary email
   • App attributes: email
7. Finalize Setup:
   • Download SAML metadata from Google Admin Console and upload to Dune Security.

2. Create a Service Account in Google Cloud (DMI)

1. Log in to Google Cloud Console:
   • Go to Google Cloud Console and sign in with your admin credentials.
2. Create a New Project:
   • Select or create a new project for the service account.
3. Enable Admin SDK API:
   • Navigate to APIs & Services > Library.
   • Search for "Admin SDK" and enable it.
4. Create a Service Account:
   • Go to IAM & Admin > Service Accounts.
   • Click Create Service Account and provide a name and description.
   • Click Create and Continue, then assign Service Account Admin and Service Account User roles.
   • Click Done.

3. Configure Domain-Wide Delegation (DMI)

1. Enable Domain-Wide Delegation:
   • Navigate to IAM & Admin > Service Accounts.
   • Select the service account and click Edit.
   • Check Enable G Suite Domain-wide Delegation and save changes.
2. Authorize API Scopes:
   • Go to admin.google.com.
   • Navigate to Security > API Controls > Manage Domain-Wide Delegation.
   • Click Add New, enter the service account’s Client ID.
   • Add OAuth scopes:
     • https://www.googleapis.com/auth/admin.directory.group
     • https://www.googleapis.com/auth/admin.directory.user
   • Click Authorize.
3. Generate a JSON Key:
   • Select the new service account.
   • Go to the Keys tab and click Add Key > Create New Key.
   • Select JSON and click Create. Save the file securely.

4. Configure Dune Security to Use Google Workspace Service Account (DMI)

1. Log in to the Dune Security Admin Console:
   • Sign in to your admin account.
2. Add Google Workspace Integration:
   • Go to Integrations and select Google Workspace.
   • Upload the JSON key file and save configuration.

Post-Setup Verification

1. Test SSO Login

• Visit Dune Security login page and select Google Workspace SSO.

2. Verify User Provisioning

• Check Dune Security admin panel to ensure correct provisioning.

3. Monitor and Troubleshoot

• Regularly review logs in both platforms for issues.
• Contact support if needed.

Next Steps

Ensure email deliverability by implementing DMI with Google Workspace before launching your Baseline Risk Assessment.