[KB] Google Workspace SAML setup (#1915)

---------
Co-authored-by: Katie Horne <[email protected]>

docs/deployment/sso.md

@@ -61,12 +61,14 @@ SAML2.0 is configured through **Semgrep AppSec Platform**. To set up SSO:
     ![Finding Single sign on URL, and Audience URI via Semgrep AppSec Platform](/img/saml-copy-urls.png#md-width)
 3. From your authentication provider, copy your **IdP SSO URL** and **IdP Issuer ID** values, and download the **X509 Certificate**.
     ![Finding IdP SSO URL, IdP Issuer ID, and X509 Certificate through Okta](/img/saml-copy-IdPSSO-IdPID-and-X509.png#md-width)
-4. Return to Semgrep AppSect Platform, and paste the **IdP SSO URL** and **IdP Issuer ID** values, and upload your **X509 Certificate**.
+4. Return to Semgrep AppSec Platform, and paste the **IdP SSO URL** and **IdP Issuer ID** values, and upload your **X509 Certificate**.
     ![Filling in IdP SSO URL, IdP Issuer ID, and X509 Certificate on Semgrep](/img/saml-filling-IdpSSO-IdpID-X509.png#md-width)
 5. Select the box next to **This SSO supports non-password authentication mechanisms (e.g. MFA, X509, PasswordLessPhoneSignin)** if applicable.
 6. Click **Save** to proceed.
 
-If you encounter issues during the setup process, reach out to [[email protected]](mailto:[email protected]) for assistance.
+If you are using Google Workspace SAML, see [SAML Single Sign-on with Google Workspace](/docs/kb/semgrep-appsec-platform/saml-google-workspace) for more specific guidance.
+
+If you encounter issues during the setup process, [reach out to support](/docs/support) for assistance.
 
 ### Set up SAML SSO with Microsoft Entra ID
 

docs/kb/semgrep-appsec-platform/saml-google-workspace.md

@@ -0,0 +1,26 @@
+---
+description: Learn how to set up SAML access to Semgrep AppSec Platform with Google Workspace.
+tags:
+  - Semgrep AppSec Platform
+  - SSO
+---
+
+# SAML Single Sign-on with Google Workspace
+
+This article describes how to set up SAML Single Sign-on for Semgrep AppSec Platform with Google Workspace, including how to set up the necessary attribute mappings.
+
+Follow these steps:
+
+1. [Set up a custom SAML app](https://support.google.com/a/answer/6087519?hl=en#zippy=%2Cstep-add-the-custom-saml-app) in Google Workspace. The default **Name ID** is the primary email, and this value is optimal for use with Semgrep AppSec Platform.
+2. When you reach the **Add mapping** step of the instructions to set up a custom SAML app, add the two attribute statements that Semgrep AppSec Platform requires: `name` and `email`.
+   * The attribute mapped to `email` should be the primary email.
+   * The attribute mapped to `name` should be some form of the user's name. You can use a default attribute like the user's first name, or create a custom attribute for their full name.
+      ![Attribute mappings](/img/kb/google_attributes.png)
+3. Sign in to Semgrep AppSec Platform.
+4. Navigate to **[Settings > Access > Login methods](https://semgrep.dev/orgs/-/settings/access/loginMethods)**.
+5. Click **Add SSO configuration** and select **SAML2 SSO**.
+6. Provide a **Display name** and your **Email domain**.
+7. Copy the **SSO URL** and **Audience URL (SP Entity ID)**, and provide them to Google Workspace as the **ACS URL** and **Entity ID**, respectively.
+8. Copy your IDP metadata, including the SSO URL and Entity ID and the x509 certificate, from the custom SAML app in Google Workspace.
+9. Enter these in Semgrep AppSec Platform as the **IdP SSO URL** and **IdP Issuer ID** values respectively, and upload or paste the X509 Certificate.
+10. Click **Save** to proceed.