Configuring Google Directory Sync
Last updated
Last updated
Set up an account to authorize your Google Workspace migration or sync product.
Go to Google Cloud and sign in as a super administrator. If it's your first time signing in to the console, agree to the Terms of Service.
Click IAM & AdminManage Resources. You might have to click Menu first.
At the top, click Create Project.
Enter a project name.
(Optional) To add the project to a folder, for Location, click Browse, navigate to the folder, and click Select.
Click Create.
By default, only the creator of the project has rights to manage the project. To ensure the project can be maintained if the creator leaves the organization, you should assign at least one other person the role of Project Owner. For details, go to Manage access to projects, folders, and organizations.
Check the box next to your new project.
For Admin Sdk API you require (below), click the API name and then Enable:
Admin SDK
Tip: If you can't find the API, specify the API name in the search box.
Tip: When adding the email addresses below, use shared administrator email accounts.
For User Type, select Internal.
Click Create.
For App name, add the name of your application.
Select a User support email for users to contact with questions.
For Developer contact information, enter email addresses so Google can contact you about changes to your project.
For Service account name, enter a name for the service account.
(Optional) For Service account description, enter a description of the service account.
Click Create and Continue.
Make sure the key type is set to JSON and click Create.
You'll get a message that the service account's private key JSON file was downloaded to your computer. Make a note of the file name and where your browser saves it. You'll need it later.
Click Close.
Delegating domain-wide authority to the service account.
To delegate domain-wide authority to a service account, a super administrator of the Google Workspace domain must complete the following steps:
From your Google Workspace domain's Admin console, go to Main menu menu > Security > Access and data control > API Controls.
In the Domain wide delegation pane, select Manage Domain Wide Delegation.
Click Add new.
In the Client ID field, enter the service account's Client ID. You can find your service account's client ID in the Service accounts page.
In the OAuth scopes (comma-delimited) field, enter the list of scopes that your application should be granted access to. For example, if your application needs domain-wide full access to the Admin Directory, enter:
https://www.googleapis.com/auth/admin.directory.user.readonly https://www.googleapis.com/auth/admin.directory.group.readonly
Click Authorize.
Your application now has the authority to make API calls as users in your Workspace domain (to "impersonate" users). When you prepare to make these delegated API calls, you will explicitly specify the user to impersonate.
Once that's done, let's head over to our Swift UI and go to Directory Sync. Here, we will integrate Google with Swift by pasting the Connection Name, Email, and Google Credentials (previously copied).
If configured correctly, clicking on "Test Connection" should display a prompt saying that the connection was successful.
After entering the details, Add the connection to ensure it is working. Once confirmed, it is sync for google integration.
if an user wants to sync , he/she has to do it manually, click on "Sync Now".
Adding the connection will sync your organization’s users with our application. You can click on the ellipsis icon to view the user list.
User can Edit, Delete and See all users in Right three vertical dots.
Click APIs & ServicesLibrary. You might have to click Menu first.
Click APIs & ServicesOAuth consent screen. You might have to click Menu first.
Click Save and ContinueSave and ContinueBack to Dashboard.
Click APIs & ServicesCredentials. You might have to click Menu first.
Click Create CredentialsService account.
Click DoneSave.
At the top, click KeysAdd KeyCreate new key.
