GSuite configuration

GSuite preparation

Create project

1. Open Developer console
2. Click on Create Project, type Project Name value Account Manager and click s Create
3. Wait for project creation
4. Select created project

Allow API

1. Open APIs & Services -> Library
2. Make sure Account Manager project is selected.
3. Search for Google People API and then click to Enable
4. Repeat previous step with Google+ API and Admin SDK

Create OAuth Consent Screen

1. Open APIs & Services -> Credentials -> OAuth consent screen
2. Setup e-mail
3. Project name: "Account Manager"
4. Click Save

Create authorization credentials for Web Application

1. According to the instructions 1 or 2 create Web Application credentials
2. Write e.g. "Account manager client" into Name
3. Field Authorized JavaScript origins leave empty
4. Field Authorized redirect URIs fill with
   • https://localhost:8443/cxf/oidc/rp/complete
5. Click Create and save client ID and client secret.

Craete Service account and permissions

1. According to the instructions create Service Account
2. Write e.g. GSuite services client into Name
3. Check Furnish a new private key and choose p12 for private key format
4. Check Enable G Suite Domain-wide Delegation
5. Click Create and save p12 file and private key password
6. Open GSuite Admin Console
7. Check Security -> API Reference -> Enable API access
8. According to the instructions delegate these permissions
   • https://www.googleapis.com/auth/admin.directory.group.readonly - Scope for only retrieving group, group alias, and member information.
   • https://www.googleapis.com/auth/admin.directory.user - Global scope for access to all user and user alias operations. (Don't need if you don't want to synchronize password to GSuite)