Google™ as a Directory Setup Guide
This document is supplementary to the information contained in the Smoothwall Product Documentation, which is available from the Support section of our smoothwall.com website: http://smoothwall.com/technology/support. Google™ as a Directory
Setup Guide
Introduction
Google as a Directory Service allows Google users to be filtered using their Google Apps accounts and group memberships.
Contents
GOOGLE™ AS A DIRECTORY SETUP GUIDE ...... 1
INTRODUCTION ...... 2
PART 1: CREATING A SERVICE ACCOUNT ...... 3
PART 2: AUTHORIZE THE API ...... 8
PART 3: COMPLETE THE SMOOTHWALL FIELDS AND SYNC ...... 10
Page | 2
11 March 2016 Google™ as a Directory
Setup Guide
Part 1: Creating a Service Account
You must create a Service Account, and download it in a JSON format to allow the Smoothwall to read your Google Apps domain group and user information:
1. Go to https://console.developers.google.com and log in as an admin user.
If it is the first time you login as a new user you will be prompted to accept the Google terms and conditions.
2. Create a new project.
3. Enter a suitable Project Name, for example, Smoothwall Login. Project ID is automatically filled in and does not need to be changed.
4. Click Create.
5. Once the page has refreshed and the project has been created, click Enable and manage APIs.
Page | 3
11 March 2016 Google™ as a Directory
Setup Guide
6. From the API Manager menu, click Credentials.
7. Click New credentials > Service account key.
8. Under Service account, select New service account.
9. Enter an appropriate name
Page | 4
11 March 2016 Google™ as a Directory
Setup Guide
10. Under Key type, select JSON.
11. Click Create.
Note: Keep this key safe as you will not be able to download a new copy of it if lost. You will need it for the next step.
12. From the main Google Developers menu, select Permissions.
13. Select Service accounts from the top menu.
Page | 5
11 March 2016 Google™ as a Directory
Setup Guide
14. Click the menu icon for the Service account created in step 8, and select Edit from the drop-down menu.
15. Select Enable Google Apps Domain-wide Delegation.
Note: Without this, the Client ID won’t be generated.
16. Click Save.
17. Navigate back to the API Manager Credentials page (see steps 4 and 5). You will notice a new entry in the OAuth 2.0 client IDs list which is the name of the Service Account you created, prefixed by Client for.
Make note of this client ID.
Page | 6
11 March 2016 Google™ as a Directory
Setup Guide
18. Navigate back to the API Manager Overview page.
19. Go to Google Apps APIs > Admin SDK.
20. At the top of the page, click Enable API.
21. Log out of the Google Developers Console.
Page | 7
11 March 2016 Google™ as a Directory
Setup Guide
Part 2: Authorize the API
You need to authorize the API you created in JSON format in the Google Admin Console.
1. Go to https://admin.google.com and log in as an admin user.
2. Select Security.
3. Select API reference.
4. Select Enable API access.
5. Click Show more > Advanced Settings.
Page | 8
11 March 2016 Google™ as a Directory
Setup Guide
6. From the Authentication section, select Manage API client access.
7. In the Authorized API clients > Client Name field, enter the Client ID for the Google Service Account created in Part 1: step 17.
8. Under One or More API Scopes, enter the following, separated by a comma: https://www.googleapis.com/auth/admin.directory.group.readonly,https://www.googleapis .com/auth/admin.directory.orgunit.readonly,https://www.googleapis.com/auth/admin.direc tory.user.readonly
9. Click Authorize.
10. Log out of the Google Admin console.
Page | 9
11 March 2016 Google™ as a Directory
Setup Guide
Part 3: Complete the Smoothwall fields and Sync
You must now configure a Google directory connection on your Smoothwall to synchronize your Google usernames and group configuration.
1. From the Smoothwall administration user interface, go to Services > Authentication > Directories.
2. Configure a new Google direction connection.
3. From the Directory table, hover over the new Google directory added and click Sync. This may take some depending on the size of your Google Apps domain.
For a detailed description of how to use the Services > Authentication > Directories page, go to:
https://help.smoothwall.com/Framlingham/Content/modules/auth/cgi-bin/auth/directories.htm.
Page | 10
11 March 2016