Overview
Google's OAuth system was designed on the assumption that a human would be at a browser to authorize software to access the API at the time of access. Software such as the Google IDM connector requires a different setup for authentication and authorization: the connector must authenticate to the API service with a service account, assume admin permission via a designated admin account, and be pre-authorized to access the required API endpoints.
...
1. Create a domain administrator in the Google domain to serve as the connector’s persona for domain activity
2. Create an API Developer project
   - Owns the service account credentials
   - Controls API endpoint activation
   - Tracks API usage quotas
3. Create a service account in the API project
4. Grant permission in the domain for the service account to interact with the domain via the API REST endpoints
A note about Google’s administrative interfaces
Google changes the look and feel of its admin web interface on a regular basis. Sometimes the interface will differ between two domains at the same time. An unfortunate result is that any setup guide which relies on screenshots or video rapidly goes out of date. The core process remains the same, however. Following the key steps listed above will result in a functional connection, even if the specific screens differ from what is shown in this guide.
...
https://www.googleapis.com/auth/admin.directory.group, https://www.googleapis.com/auth/admin.directory.group.member, https://www.googleapis.com/auth/admin.directory.orgunit, https://www.googleapis.com/auth/admin.directory.user, https://www.googleapis.com/auth/admin.directory.user.alias, https://www.googleapis.com/auth/admin.directory.user.security, https://www.googleapis.com/auth/admin.directory.userschema, https://www.googleapis.com/auth/userinfo.profile, https://www.googleapis.com/auth/userinfo.email, https://www.googleapis.com/auth/contacts, https://www.googleapis.com/auth/contacts.readonly, https://www.googleapis.com/auth/apps.groups.settings, https://www.googleapis.com/auth/admin.directory.rolemanagement, https://www.googleapis.com/auth/gmail.settings.basic, https://www.googleapis.com/auth/gmail.settings.sharing, https://www.googleapis.com/auth/gmail.labels, https://apps-apis.google.com/a/feeds/emailsettings/2.0/
https://www.googleapis.com/auth/admin.directory.group, https://www.googleapis.com/auth/admin.directory.group.member, https://www.googleapis.com/auth/admin.directory.orgunit, https://www.googleapis.com/auth/admin.directory.user, https://www.googleapis.com/auth/admin.directory.user.alias, https://www.googleapis.com/auth/admin.directory.user.security, https://www.googleapis.com/auth/admin.directory.userschema, https://www.googleapis.com/auth/userinfo.profile, https://www.googleapis.com/auth/userinfo.email, http://www.google.com/m8/feeds, https://www.googleapis.com/auth/contacts.readonly, https://www.googleapis.com/auth/apps.groups.settings, https://www.googleapis.com/auth/admin.directory.rolemanagement, https://www.googleapis.com/auth/gmail.settings.basic, https://www.googleapis.com/auth/gmail.settings.sharing, https://www.googleapis.com/auth/gmail.labels
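A comma-separated scope list like the one above is easy to corrupt when copied between pages, and every entry widens what the service account is pre-authorized to do. The following Python check is an added example, not part of the original guide or the connector: it lints such a list before it is granted. The function names, the expected-host set and the sample string are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: only hosts that occur in this page's scope list are expected.
EXPECTED_HOSTS = {"www.googleapis.com", "www.google.com", "apps-apis.google.com"}


def lint_scopes(raw):
    """Split a comma-separated scope string; return (accepted, findings)."""
    accepted, findings = [], []
    for item in raw.split(","):
        scope = item.strip()
        if not scope:
            continue
        parts = urlsplit(scope)
        # Run-together entries show up as a bad scheme or more than one "://".
        if parts.scheme not in ("http", "https") or scope.count("://") != 1:
            findings.append((scope, "malformed URL"))
        elif parts.hostname not in EXPECTED_HOSTS:
            findings.append((scope, "unexpected host"))
        elif scope in accepted:
            findings.append((scope, "duplicate"))
        else:
            accepted.append(scope)
            if parts.scheme == "http":
                findings.append((scope, "non-https identifier, confirm intended"))
    return accepted, findings


def not_explicitly_readonly(scopes):
    """Heuristic: scopes without a '.readonly' suffix go to least-privilege review."""
    return [s for s in scopes if not s.endswith(".readonly")]


# Constructed sample: three scopes from this page, one run-together entry
# of the kind a bad copy produces, and one duplicate.
SAMPLE = (
    "https://www.googleapis.com/auth/admin.directory.user, "
    "https://www.googleapis.com/auth/contacts.readonly, "
    "httphttps://www.googlegoogleapis.com/m8auth/feedscontacts, "
    "http://www.google.com/m8/feeds, "
    "https://www.googleapis.com/auth/admin.directory.user"
)

if __name__ == "__main__":
    ok, problems = lint_scopes(SAMPLE)
    for scope, why in problems:
        print(f"{why}: {scope}")
    print("review for least privilege:", not_explicitly_readonly(ok))
```

Any finding should be resolved before the list is pasted into the domain's API authorization settings, and the review list is the place to ask whether the connector really needs each non-read-only scope.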
...