Skip to content

GSuite configuration

Jump to bottom
Michal Hlavac edited this page May 20, 2019 · 8 revisions

GSuite preparation

Create project

  1. Open Developer console
  2. Click on Create Project, type Project Name value Account Manager and click s Create
  3. Wait for project creation
  4. Select created project

Allow API

  1. Open APIs & Services -> Library
  2. Make sure Account Manager project is selected.
  3. Search for Google People API and then click to Enable
  4. Repeat previous step with Admin SDK

Create OAuth Consent Screen

  1. Open APIs & Services -> Credentials -> OAuth consent screen
  2. Setup e-mail
  3. Project name: "Account Manager"
  4. Click Save

Create authorization credentials for Web Application

  1. According to the instructions 1 or 2 create Web Application credentials
  2. Write e.g. "Account manager client" into Name
  3. Field Authorized JavaScript origins leave empty
  4. Field Authorized redirect URIs fill with
    • http://localhost:8181/cxf/oidc/rp/complete
  5. Click Create and save client ID and client secret.

Craete Service account and permissions

  1. According to the instructions create Service Account
  2. Write e.g. GSuite services client into Name
  3. Check Furnish a new private key and choose JSON format
  4. Check Enable G Suite Domain-wide Delegation
  5. Click Create and save JSON file
  6. Open GSuite Admin Console
  7. Check Security -> API Reference -> Enable API access
  8. According to the instructions delegate these permissions
    • https://www.googleapis.com/auth/admin.directory.group.readonly - Scope for only retrieving group, group alias, and member information.
    • https://www.googleapis.com/auth/admin.directory.user - Global scope for access to all user and user alias operations. (To synchronize password to GSuite)
    • https://www.googleapis.com/auth/admin.reports.audit.readonly (Push notifications)
Clone this wiki locally