Versions Compared

Old Version 2

changes.mady.by.user Mike Weaver

Saved on

compared with

New Version 3

changes.mady.by.user Mike Weaver

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Cleaned up a little layout, removed deprecated section

Configuring Google Driver Authentication and Authorization

Table of Contents

Overview

The Google OAuth system was built with the concept that a human would be at a browser to authorize software to access the API at the time of access. Software such as the Google IDM connector requires a different setup for authentication and authorization. To accomplish this, it is necessary to enable the connector to authenticate to the API service with a service account, assume the admin permission via a designated admin account, and be pre-authorized to access the required API endpoints.

...

Google changes the look and feel of their admin web interface on a regular basis. Sometimes the interface will be different for two different domains at the same time. An unfortunate result of this is that any set up guide which relies on screen shots or video will become rapidly out of date. The core process remains the same, however. Following the key steps listed above will result in a functional connection, even if the specific screens differ from what are shown in this guide.

Best Practices

When setting up the API project, be sure to add other secure accounts to the project to prevent losing access. Access to the API project is necessary to recreate the service account credential, enable new or different API end points, or manage the quotas or limits.

It is suggested that the IDM connector have its own API project to better manage credentials and API limits.

A note on parent and child Google domains

If your environment consists of multiple Google domains linked in a parent-child relationship, it is possible, even desirable, to create a single driver access account for use with all of the domains. For this to work, the domain administrator should be created in the parent domain and have the “super admin” permission granting it access to all child domains.

...

Record the login information in a secure manner for future use.

...

If you have never used an API service with the domain, it will be necessary to enable API access. With the domain admin account logged into the admin dashboard, access the API enable feature under the security widget or side menu.

Create API Project

The next step is to set up an API project in the Google cloud console. The console may be reached at https://console.cloud.google.com

...