Password Synchronization with Google Apps


Steps to enable API access in Google Apps

Before you can configure Google Apps with ADSelfService Plus for Password Synchronization, you have to enable Domain Admin API access in Google Apps.

  1. Go to Google Admin console

  2. Logon using your Google Apps Administrator account

  3. Create a new project named ADSelfService Plus

  4. In the left pane, click the Library link. Under the G suite APIs, locate Admin SDK and turn it on.

  5. In the left pane, click the Credentials link

  6. In the right hand side, click the Create Credentials button and select Service Account Key.

  7. Click the drop-box under Service account and select New service account.

  8. Enter a name for the service account and provide the role of Project owner for the service account.

  9. Select the Key type as P12 and click Create. You will now receive a P12 file. Save this file to your computer and click Close.

  10. Click on the Manage service accounts link.

  11. Click on the options against the service account that you created and select Edit.

  12. Mark the checkbox against Enable G Suite Domain-wide Delegation, enter a name in the Product name for the consent screen text box and click Save.

  13. Click on the View Client ID link under the options column and copy the value against the client ID field.

  14. The service account email is the one that is mentioned in the Service account field.

  15. Grant domain-wide authority to this Service Account, using the steps mentioned below.


Delegate domain-wide authority to your service account

The service account that you created needs to be granted access to the Google Apps domain's user data that you want to access. The following tasks have to be performed by an administrator of the Google Apps domain.

  1. Go to your Google Apps domain's Admin console.

  2. Select Security from the list of controls.

  3. Select Advanced settings from the list of options.

  4. Select Manage API client access in the Authentication section.

  5. In the Client name field enter the service account's Client ID that you have copied earlier..

  6. In the One or More API Scopes field, enter the list of scopes that your application should be granted access to. For example, if you need domain-wide access to Users, Groups, and Organizational Units, enter:
    https://www.googleapis.com/auth/admin.directory.user,
    https://www.googleapis.com/auth/admin.directory.group,
    https://www.googleapis.com/auth/admin.directory.orgunit

  7. Click the Authorize button.

Your service account now has domain-wide access to the Google Admin SDK Directory API for all the users of your domain.



Steps to configure Google Apps with ADSelfService Plus

  1. Log in to ADSelfService Plus with administrator credentials.

  2. Go to Configuration --> Self-Service --> Password Synchronizer

  3. Click Google Apps link. In the Google Apps configuration page that opens up, select Password Synchronizer as the Module from the drop-down list.

  4. Enter the domain name (e.g.: adselfserviceplus.com) of your Google Apps domain.

  5. Enter the User Name (e.g.: demo@adselfserviceplus.com) of Google Apps admin account.

  6. Enter the Service Account Email (e.g.: 428499212222-9csoom2llko9292ro21rhm411214lkrh@developer.gserviceaccount.com) which was created in the previous step, from Google Apps.

  7. Select the relevant P12 Key File of Google Apps admin account.

  8. Enter a brief description of the configuration.

  9. Select the Self-Service Policies by clicking the plus icon. Password Synchronization will be possible for only those users who fall under the selected self-service policies.

  10. Click Save.

Copyright © 2019, ZOHO Corp. All Rights Reserved.
ManageEngine