Swift Security Docs
  • Introduction to Swift Security
  • Onboarding
    • Tenant Setup
    • Product Deployments
      • Browser Extension
      • LLM Guardrails
        • LLM Guardrails API Integration
      • VS Code IDE Extension
    • Directory Sync
      • Configuring Google Directory Sync
      • Configuring Microsoft Directory Sync
    • MDM
      • Extension Deployment Via Google Workspace
      • Extension deployment via google workspace + MDM at device level
      • Extension Deployment Via Microsoft Intune
        • Chromium Browsers in Windows
        • Edge Browsers in Windows
        • Firefox Browsers in Windows
      • Extension Deployment Via Kandji
        • Chromium Browsers in Mac
    • Infrastructure
      • SaaS Model
      • Hybrid deployment (coming soon)
  • SSO (Single Sign-On)
    • SSO Configurations identity provider - Google workspace
  • Administrative Guide
    • Console Users
      • Role Creation
      • RBAC General Settings for Login Methods (for the Console)
      • User Creation
      • SSO login(okta)
    • Swift Detection Engines
      • Data Identifiers
        • Custom Data Identifiers
      • EDM Dictionaries
        • EDM Rule
        • EDM Profile
        • EDM Extension Policy
      • Data Rules
        • Custom Rules
      • Data Profiles
      • LLM Guardrail Scanners
        • Data Protection Scanner
        • Gibberish Scanner
        • Ban Substrings Scanner
        • Invisible Text Scanner
        • Code Scanner
        • Language Scanner
        • Sentiment Analysis Scanner
        • Jailbreak Scanner
        • Toxicity Scanner
        • Prompt Injection Scanner
        • Token Limit Scanner
        • Reading Time Scanner
        • Language Same Scanner
        • No Refusal Scanner
        • Factual Consistency Scanner
        • Bias Detection Scanner
        • URL Reachability Scanner
        • Nudity Scanner
        • Gender Scanner
        • Celebrity Scanner
        • Face Scanner
        • Race Scanner
        • Performance and Benchmark
    • Browser Extension
      • Extension Installation
      • Granular Policies
        • Control URL access
        • Protect company data
        • Protect against Threats (Coming Soon)
      • Extension Alerts
      • Extension Events
      • Extension Popups
      • Browser Extension Coverage
    • LLM Guardrails
      • LLM Guardrails Policies
      • LLM Guardrails Alert
      • LLM Guardrails Events
    • Regulation Laws
  • Assets
    • Applications
    • Users
    • Extensions
  • Integration
    • Notification
      • Jira
      • ServiceNow
      • Slack
      • Splunk
    • Forensic
    • Feature
      • Rules Glossary
        • United States
        • Canada
        • Latin America
        • European Union
        • Australia
        • APAC (Asia-Pacific)
        • EMEA Countries
        • Others
      • Data identifiers Glossary
        • United States
        • Canada
        • Latin America
        • European Union
        • Australia
        • APAC (Asia-Pacific)
        • EMEA Countries
        • Others
      • Supported MIME Types
      • Supported OCR Format
    • Manage unauthorized access from unmanaged browser
  • Settings
    • Manage Reasons
    • Audit Log
  • Release Notes
    • Version - 1.27
    • Version - 1.26
    • Version - 1.25
    • Version - 1.24
    • Version - 1.23
    • Version - 1.16
    • Version - 1.15
    • Version - 1.14
    • Version - 1.13
    • Version - 1.12
    • Version - 1.11
    • Version - 1.10
    • Version - 1.09
    • Version - 1.08
    • Version - 1.07
    • Version - 1.06
    • Version - 1.05
    • Version - 1.04
    • Version - 1.03
    • Version - 1.02
    • Version - 1.01
Powered by GitBook
On this page
  • Step 1: Create a project
  • Step 2: Turn on the APIs for the service account
  • Step 3: Set up the OAuth consent screen
  1. Onboarding
  2. Directory Sync

Configuring Google Directory Sync

PreviousDirectory SyncNextConfiguring Microsoft Directory Sync

Last updated 1 month ago

Set up an account to authorize your Google Workspace migration or sync product.

Step 1: Create a project

Go to and sign in as a super administrator. If it's your first time signing in to the console, agree to the Terms of Service.

At the top, click Create Project.

Enter a project name.

(Optional) To add the project to a folder, for Location, click Browse, navigate to the folder, and click Select.

Click Create.

Your Project Dashboard.

Step 2: Turn on the APIs for the service account

For Admin Sdk API you require (below), click the API name and then Enable:

  • Admin SDK

Enable Amin SDK API

Tip: If you can't find the API, specify the API name in the search box.

Step 3: Set up the OAuth consent screen

Tip: When adding the email addresses below, use shared administrator email accounts.

Click on Get started

For App name, add the name of your application.

Select a User support email for For users to contact you with questions about their consent.

Click on Next.

For Audience, select Internal.

Click on Next.

Contact information - These email addresses are for Google to notify you about any changes to your project.

Click on Next.

Tick the box, click Continue, and then click Create.

After creating Looks like this.

Step 4: Create the service account

For Service account name, Enter a Name for the service account.

(Optional) For Service account description, enter a description of the service account.

Click Create and Continue.

Click Done.

Click on service Accounts Email id

This Unique ID is the Client ID, and you need to copy it. It will be used in Domain-Wide Delegation Authority.

Make sure the key type is set to JSON and click Create.

You'll get a message that the service account's private key JSON file was downloaded to your computer. Make a note of the file name and where your browser saves it. You'll need it later.

Click Close.

Open My Files, go to Downloads, and locate the JSON file that was downloaded.

Open it in VS Code or Notepad (or any other editor), then copy the entire JSON file and save it.

Delegating domain-wide authority to the service account.

To delegate domain-wide authority to a service account, a Google Admin user of the Google Workspace domain must complete the following steps:

In the Domain wide delegation pane, select Manage Domain Wide Delegation.

Click on Add new.

  • In the OAuth scopes (comma-delimited) field, enter the list of scopes that your application should be granted access to. For example, if your application needs domain-wide full access to the Admin Directory, enter:

Click Authorize.

Your application now has the authority to make API calls as users in your Workspace domain (to "impersonate" users). When you prepare to make these delegated API calls, you will explicitly specify the user to impersonate.

Once that's done, let's head over to our Swift UI and go to Directory Sync. Here, we will integrate Google with Swift by pasting the Connection Name, Email(Enter your Google Admin User mail id), and Google Credentials (previously JSON copied).

If configured correctly, clicking on "Test Connection" should display a Google test connection is successful.

After entering the details, Add the connection to ensure it is working. Once confirmed, it is sync for google integration.

if an user wants to sync , he/she has to do it manually, click on "Sync Now".

Adding the connection will sync your organization’s users with our application. You can click on the ellipsis icon to view the user list.

User can Edit, Delete and See all users in Right three vertical dots.

Click IAM & AdminManage Resources. You might have to click Menu first.

By default, only the creator of the project has rights to manage the project. To ensure the project can be maintained if the creator leaves the organization, you should assign at least one other person the role of Project Owner. For details, go to .

Click Cloud overviewDashboard. You might have to click Menu first.

Click APIs & ServicesLibrary. You might have to click Menu first.

Click APIs & ServicesOAuth consent screen. You might have to click Menu first.

Click APIs & ServicesCredentials. You might have to click Menu first.

Click Create CredentialsService account.

At the top, click KeysAdd KeyCreate new key.

From your Google Workspace domain's , go to Main menu > Security > Access and data control > API Controls.

In the Client ID field, enter the service account's Client ID(Paste the Client ID you copied). You can find your service account's client ID in the .

Manage access to projects, folders, and organizations
Admin console
Service accounts page
https://www.googleapis.com/auth/admin.directory.user.readonly
https://www.googleapis.com/auth/admin.directory.group.readonly
Google Cloud