In order to use Google Workspace Client authentication, you have to create a service account.
This will enable you to validate users against Google and synchronize Groups for Access Control
Please, follow the steps from the following link https://developers.google.com/identity/protocols/oauth2/service-account#creatinganaccount.
As part of the key creation process, a private key is generated as a JSON file. Save it in a safe place on your computer because you will have to copy its content into Secret JSON file content form field.
Next step is to delegate the service account that you have created for domain-wide authority.
Please, follow the steps from the following link https://developers.google.com/identity/protocols/oauth2/service-account#delegatingauthority.
You will need the following scopes for SAFEQ Cloud communication:
• https://www.googleapis.com/auth/admin.directory.user.readonly
• https://www.googleapis.com/auth/admin.directory.group.member.readonly
• https://www.googleapis.com/auth/admin.directory.group.readonly
In the Google Workspace authentication provider form creation, you have to enter the account name that has a super admin role (not service account name!) and paste the content of the JSON file you saved before. Please, make sure that the JSON file content is wrapped in curly braces { } when you paste it. Then press “TEST” to make sure you get “OK”. You can also serialize JSON and paste it as a solid string in between { }.
*Check if Admin SDK API is enabled for your project and if it’s not, enable it: choose your project and type in the search line “admin sdk”
if it is disabled, click Enable button
Post your comment on this topic.