View Categories

Configuration Details

3 min read

Create Project

Step 1: Click on below link

https://console.developers.google.com/iam-admin/serviceaccounts

Step 2

Click “Create Project” and enter details, click on “CREATE”.

  • Project name = custom project name
  • Organization = choose the domain for your organization
  • Location = choose the parent organization or folder
Enable Admin SDK

Step 3

Click on “APIs & Services” -> “Library

Step 4

Search “Admin SDK” and click on “Admin SDK’ in results

Step 5

Click on “Enable”

Step 6

Click on “APIs & Services” -> ”OAuth consent screen

Step 7

Select “Internal” and click on “CREATE

Step 8

Enter a custom “Application name” (This Application name will be used in the SecurEnds application when configuring the Google Cloud Connector)

As an example:

applicationName = Securends

Store/copy down the application name you created for later use. This application name is case sensitive

Step 9

Enter “Authorized domains” domain used during Step 2 when creating the project and click on save

(This domain will be used in the SecurEnds application when configuring the Google Cloud Connector)

Example chosen during Step 2:

domain = securends99.com

Store/copy down the domain for later use.

Create Service Account

Step 10

Click on “Credentials” from left menu

Step 11

Click “CREATE CREDENTIALS” -> then “Service account”

Step 12

Enter custom service account details and click on “CREATE

As an example:

Service account name = securendsService

Step 13

Click on “Continue” for Service account permissions (Step 2).

Step 14

Click on “Create Key” and select “P12” and click on “CREATE

Step 15

A p12 file will be downloaded and make a note and save private key password, then click on “CLOSE

The downloaded p12 file has to be placed in /var/ssl in AWS Cloud instance

Provide the path has below in env_file

GSUITE_PKFILE_PATH=/var/ssl/XXXXX.p12

Upload the generated certificate to /opt/docker/XXXX/ssl

Restart the SecurEnds CEM application

Step 16

Click on “Done

Domain Wide Delegation

Step 17

Select the service account created and click on “edit

Step 18

Click on “SHOW DOMAIN WIDE DELEGATION

Step 19

Select the checkbox “Enable Google Cloud Domain wide Delegation” and click on “Save”

Step 20

Please make a copy of the email and unique id and click on “Save”.

(This unique id will be used in the SecurEnds application when configuring the Google Cloud Connector)

As an example:

serviceAccountId = securends0912@securendsuar-278414.iam.gserviceaccount.com

Store/copy down the serviceAccountId for later use.

Enable Scopes for Service Account

Step 21

Now click on https://admin.google.com/ and login with admin credentials.

Step 22

Click on “Security” settings

Step 23

Click on “API Controls” by scrolling down.

Step 24

Click on “Manage Domain-Wide delegation” by scrolling down.

Step 25

Click on “Add New” behind the API Clients.

Enter the unique ID (From step 20) under client ID and below OAuth scopes under API scopes with comma(,) delimited, then click on “Authorise”.

https://www.googleapis.com/auth/admin.directory.domain

https://www.googleapis.com/auth/admin.directory.group

https://www.googleapis.com/auth/admin.directory.rolemanagement

https://www.googleapis.com/auth/admin.directory.user

Step 26

When utilizing the service account set up steps above, Google can recognize the current customer when my_customer is used as the customerId (customerId = my_customer or Google Cloud Customer ID)

As an example:

customerId = my_customer

Powered by BetterDocs