Skip to main content

Configuring Google Directory Sync

Updated

Create a Project

You will first need to create a project.

1.    Log in to Google here, https://console.developers.google.com/permissions/serviceaccounts

2.    Select a project.

3.    Click the + sign to add a new project.

4.    Enter the 'Project Name' and 'Location' and click the Create button. Please make note of the 'Organization' name as it will be need later.

5.    Click the Create service account button.

6.    In the 'Create service account' window, make sure you select the Furnish a new provide key of the JSON type, and Enable G Suite Domain-wide Delegation.

7.    Enter a name in the 'Product name for the consent screen' and click the Create link.

Downloaded JSON File

1.    Once you hit create you will download a JSON file that will be required to upload to the WebCheck product to enable and configure Google Directory Sync.

2.    Once complete you should see your newly create service account.

3.    You will need to copy the service account Client ID to grant domain wide delegation. 

4.    Click the View Client ID link.

5.    Copy the complete Client ID, in the above it is the 1087..... number.  You will need this in your Google GSuite Admin. 

6.    Click Cancel to dismiss the window.

7.    You will now need to enable the Admin SDK.

Enable the Admin SDK

1.    Click the API & Services button.

2.    Click the Enable APIs and Services button.

3.    Search for and select the Admin SDK.

4.    Click the Enable button.

Logging in to the GSuite Admin Console

1.    Log in to the GSuite Admin Console, http://admin.google.com/.

2.     You will want to follow this process.

3.    Select Security from the list of controls. If you don't see Security listed, select More controls from the gray bar at the bottom of the page, then select Security from the list of controls.

4.    Select Advanced settings from the list of options.

5.    Select Manage API client access in the Authentication section.

6.     In the Client Name field enter the service account's Client ID

7.     Add the following to the 'One or More API Scopes field:

https://www.googleapis.com/auth/admin.directory.user, https://www.googleapis.com/auth/admin.directory.group

8.    Click the Authorize button.

9.    On the WebCheck system you will require:

  • JSON file downloaded earlier

  • Email address

  • Organization.

In the WebAdmin

1.    Go to Tools > Directory Sync Settings.

2.    Click the Add Search Base button.

3.    Add your 'Search Base Name' that is displayed in the table. The Search Base Name is a name to identify this search base to WebCheck and can be any name.

4.    Check Enable Directory Sync Service

5.    Select Google Directory.

6.    Enter the Account Email.  The 'Account Email' you enter here is the account email you use to log in to admin.google.com to manage your domain. This is normally an account in the format of accountName@example.com.

7.    Enter the Organization. The 'Organization' is the Location or the domain that is managed by Google.  This will be a valid domain name like example.com.

8.    Upload the file downloaded earlier and click Submit.  The Search Base is added.

9.    Click the Search Base to open it.

10.Add a Prefix by clicking the Add Prefix link. Every Top-Level group with the prefix will be synced into the WebAdmin for filtering. Please see DirSync documentation for more information on using the prefix for filtering.

11.Click the checkbox in the top left corner of the Search Base Enabled checkbox to enable the Search Base.

12.Click Submit to save the information.

13.The Google Search Base is updated.

 

Additional Google Configuration Options

Appending a Name to a Search Base

Sometimes identical Group or Client names can occur in different search bases or elsewhere in the WebAdmin. The directory synchronization service treats identical names as the same name unless you distinguish them by using the ‘Append Group’ and ‘Append Client’ fields to show their different origins.

For example, you can distinguish a group named seniors from the search base 'retirementhome' from a group named seniors from the search base 'highschool' by appending different identifiers to the name senior, depending on the applicable searchbase name – for example, seniors@retirementhome and seniors@highschool.

Similarly, you can distinguish a client named J_Doe from the search base BusinessA from a client named J_Doe from the search base BusinessB by appending the search base name to the client name – J_Doe@BusinessA and J_Doe@BusinessB.

Clone from Group

The 'Clone from Group' option allows you to use another Group as a Template when adding a Group.

Name Attribute

The 'Name Attribute' changes the attribute used for the Client's Username.

Assigning a Manager to a Search Base

You can assign an Account Manager to a search base. This could be a SysOp account.

 

 

Related articles

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk