Change the SSO configuration of a Google SecOps instance

This document describes how to change the identity provider (IdP) of a Google SecOps instance. You might need to do this to switch to a different third-party IdP or to migrate from a third-party IdP to Cloud Identity.

This document covers the following procedures:

Change the third-party identity provider

This section describes how to change your Google SecOps instance to use a different third-party identity provider. Complete the following steps:

  1. Set up the new third-party identity provider and workforce identity pool.

  2. In Google SecOps, under Settings > SOAR settings > Advanced > IDP group mapping, change the IdP group mapping to reference groups in the new identity provider.

Update SSO settings

Complete the following steps to change the SSO configuration for Google SecOps:

  1. Open the Google Cloud console, and then select the Google Cloud project that is linked to Google SecOps.

  2. Go to Security > Google SecOps.

  3. On the Overview page, click the Single Sign-On tab. This page displays the IdPs that you set up in Configuring a third-party identity provider for Google SecOps.

  4. Use the Single Sign-On menu to change SSO providers.

  5. Right-click the Test SSO setup link, and then open it in a private or incognito window.

  6. Return to the Google Cloud console, go to the Security > Google SecOps > Overview page, and then click the Single Sign-On tab.

  7. Click Save at the bottom of the page to update the new provider.

  8. Verify that you can sign in to Google SecOps.

Migrate from third-party identity provider to Cloud Identity

This section describes how to change the SSO configuration from using a third-party identity provider to Google Cloud Identity. Complete the following steps:

  1. Make sure you configure either Cloud Identity or Google Workspace as the identity provider.
  2. Grant the predefined Chronicle IAM roles and custom roles to users and groups in the Google SecOps-bound project.
  3. Grant the Chronicle SOAR Admin role to the relevant users or groups.
  4. In Google SecOps, under Settings > SOAR settings > Advanced > IDP group mapping, add the Chronicle SOAR Admin. For more information, see IdP group mapping.

  5. Open the Google Cloud console, and then select the Google Cloud project that is linked to Google SecOps.

  6. Go to Security > Chronicle SecOps.

  7. On the Overview page, click the Single Sign-On tab. This page displays the IdPs that you set up in Configuring a third-party identity provider for Google SecOps.

  8. Select the Google Cloud Identity checkbox.

  9. Right-click the Test SSO setup link, and then open it in a private or incognito window.

    • If you see a login screen, then SSO setup is successful. Continue with the next step.
    • If you don't see a login screen, check the configuration of the identity provider.

  10. Return to the Google Cloud console, and then click Security > Chronicle SecOps > Overview page > Single Sign-On tab.

  11. Click Save at the bottom of the page to update the new provider.

  12. Verify that you can sign in to Google SecOps.
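
A pre-flight check for steps 2 and 3 of this migration, as an added example that is not part of the original document or of Google's tooling: it reads a project IAM policy (as exported with `gcloud projects get-iam-policy PROJECT_ID --format=json`) and reports Chronicle roles that are still bound only to workforce identity pool principals, and whether any Cloud Identity user or group holds the SOAR admin role. The role ID `roles/chronicle.soarAdmin`, the function names, and the sample policy are assumptions constructed for illustration.

```python
# Assumed role ID for "Chronicle SOAR Admin"; confirm it in your project's IAM role list.
SOAR_ADMIN_ROLE = "roles/chronicle.soarAdmin"
WORKFORCE_MARKER = "/workforcePools/"          # workforce identity federation principals
CLOUD_IDENTITY_PREFIXES = ("user:", "group:")  # Cloud Identity / Google Workspace principals


def audit_policy(policy, custom_roles=()):
    """Classify Chronicle role bindings by the kind of principal that holds them.

    custom_roles: full names of custom roles used for Google SecOps access
    (hypothetical parameter; pass e.g. "projects/PROJECT_ID/roles/secopsTriage").
    """
    report = {"workforce_only": [], "soar_admin_cloud_identity": []}
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        if not (role.startswith("roles/chronicle.") or role in custom_roles):
            continue
        members = binding.get("members", [])
        cloud = [m for m in members if m.startswith(CLOUD_IDENTITY_PREFIXES)]
        workforce = [m for m in members if WORKFORCE_MARKER in m]
        # A role held only by third-party IdP principals has no Cloud Identity
        # holder yet, so those users lose it once the SSO provider is switched.
        if workforce and not cloud:
            report["workforce_only"].append(role)
        if role == SOAR_ADMIN_ROLE:
            report["soar_admin_cloud_identity"].extend(cloud)
    return report


def ready_to_migrate(report):
    """True when no role is workforce-only and a Cloud Identity SOAR admin exists."""
    return not report["workforce_only"] and bool(report["soar_admin_cloud_identity"])


# Constructed sample policy (pool, groups and domain are placeholders).
POOL = "principalSet://iam.googleapis.com/locations/global/workforcePools/example-pool/group/"
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/chronicle.viewer", "members": [POOL + "soc-analysts"]},
    {"role": "roles/chronicle.editor",
     "members": [POOL + "soc-engineers", "group:soc-engineers@example.com"]},
    {"role": SOAR_ADMIN_ROLE, "members": [POOL + "soc-admins"]},
    {"role": "roles/viewer", "members": ["user:alice@example.com"]},
]}

if __name__ == "__main__":
    result = audit_policy(SAMPLE_POLICY)
    print(result, "ready:", ready_to_migrate(result))
```
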
