Deployment Task

This article will help you create a custom role (attribute) in Google's G Suite administrative console.  This is useful if you are authenticating users to the Aqua console with Google acting as your identity provider.  The steps below assume that:

  • You have an established organization within G Suite
  • You have the ability to make administrative changes to the User Schema and the User Accounts.  
  • You have already created a SAML configuration for Aqua within G Suite (if not, please visit this Documentation, skip to Step 3)


Deployment Steps

G Suite Configuration

  1. Login to
  2. Click the Admin Console button:
  3. Click the Users button:
  4. Click on the Custom Attributes button near the top, right corner of the Users page:
  5. Click the Add Custom Attributes button near the top, right corner of the page:
  6. Add the new custom attribute by providing an attribute category for the schema.  Provide a name for the custom field.  Choose "Text" as the Info Type.  For Visibility, you can optionally choose to make the attribute viewable only to the admin or to the entire domain.  For "No. of values", you can choose to have a single value, or multiple values, but a single value will be sufficient for defining the Aqua role. 
  7. Assign the role to your existing SAML App configuration by navigating to Apps >> SAML Apps, and click on your SAML configuration for Aqua. 
  8. Click on Add New Mapping, and then select the role created above.  The name you choose for this attribute must match the name you provided in the Aqua Configuration steps below.
  9. Click Save.

Aqua Configuration

  1. Login to the Aqua Console UI.
  2. Navigate to System >> Integrations >> SAML Authentication
  3. If you have not done so already, configure Aqua for SAML authentication with Google:  Documentation
  4. Under Role Attribute, add the attribute name created in Step 8 above.  In the above example, this is "aqua_role".  

Related Articles