Google Workspace
  • 03 May 2024

This guide will teach you how to set up the connector between Google Workspace and Clarity Security.

Estimated time to complete: 10 minutes

If you encounter any problems, please contact your support team or support@claritysecurity.io.

Supported Connector Capabilities

Below are capabilities supported by the connector at this time.

Method                                         Supported
Provision User                                 Yes
List Groups, Policies, and Roles               Yes
Add User to Groups, Policies, and Roles        Yes
Remove User from Groups, Policies, and Roles   No
Deactivate User                                No
Delete User                                    Yes

How to Set Up the Connector

Note

Using a service account when configuring this connector is advised, as you will use the email address when configuring this in Clarity.


Step 1: Log into the Google Cloud Portal

 https://console.cloud.google.com/

Step 2: Hover over APIs and Services > Library

GCP Landing Page

Step 3: In the API Library, search for Admin SDK API

Search for admin sdk api

Step 4: Click Admin SDK API

Click Admin SDK API

Step 5: Click Enable for the Admin SDK API

Step 6: After being redirected, click Credentials

Admin SDK > Click Credentials

Step 7: Click Create Credentials > Service Account

Create Credentials > Service Account

Step 8: Configure the Service Account 

Provide a descriptive name (like Clarity Connector) and, optionally, a description, then click Create and Continue.

Configure Service Account

Step 9: Grant this service account access > Basic > Editor

Click the "Select a role" drop-down to find the Basic > Editor role. Once this role has been added, you can click Done to skip the third step and continue.

Configure Service Account > Select a role

Step 10: Once redirected, click on your new Service Account

Once you are redirected after creating the new service account, click on the service account in the list.

Click on the new service account in the list

Step 11: Copy the Unique ID

Copy the unique id value for use in a later step.

Copy the unique id value

Step 12: Open a new web browser tab with the following link

 admin.google.com

Note

Keep your current Google Cloud tab open; you will need it again in Step 21.

Step 13: Navigate to Account > Account Settings

Google Admin Portal > Account > Settings

Step 14: Copy the Customer ID for the Clarity configuration

Copy the Customer ID and save this value for use in a later step.

Step 15: Click Security > Access and data controls > API controls

Security > Access and data controls > API controls

Step 16: Scroll to the bottom and Click Manage Domain Wide Delegation

Find "Manage Domain Wide Delegation" near the bottom

Step 17: Click Add new

Click Add new under the Domain-wide delegation page

Step 18: Enter the Unique ID copied from Step 11

Step 19: Copy the below text into the OAuth scopes

Copy the following text into the OAuth scopes field, then click Authorize.

https://www.googleapis.com/auth/admin.directory.customer,https://www.googleapis.com/auth/admin.directory.group,https://www.googleapis.com/auth/admin.directory.user,https://www.googleapis.com/auth/admin.directory.rolemanagement
OAuth Scopes

Step 20: Verify the content is populated.

Step 21: Return to your Google Cloud Console web browser tab (from Steps 1-11) and click on the Service account

Return to your initial Google Cloud Platform tab, and click on the Service account again.

In case you closed the original tab, this was the Credentials screen located under the configuration page for the Admin SDK API.

Click on your Admin SDK API service account

Step 22: Navigate to the Keys tab

Click Keys near the top

Step 23: Click Add Key > Create New Key

Click on the Add Key button, then choose Create new key.

Add Key > Create new key

Step 24: Select JSON > Click Create

Select the recommended JSON option from the private key creation screen, then click Create.  

This will prompt the download of a JSON text file, the contents of which will need to be copied and pasted into the Clarity web UI.

Warning

This file contains secure API information which provides access to your Google environment; make sure to store this file securely.

Choose JSON and then click Create
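
A pre-flight check for the values collected in Steps 11, 19 and 24, added here as an example (it is not Clarity's or Google's code): it confirms that the downloaded file is a service account key whose client_id equals the Unique ID entered for domain-wide delegation, that the file is not readable by other local users, and that the delegated scopes are exactly the four listed in this guide. The function names and all sample values are assumptions constructed for illustration, and the permission check assumes a POSIX system.

```python
import json
import os
import stat
import tempfile

# The four scopes this guide authorizes in Step 19.
BASE = "https://www.googleapis.com/auth/admin.directory."
REQUIRED_SCOPES = {BASE + s for s in ("customer", "group", "user", "rolemanagement")}


def check_connector_inputs(key_path, unique_id, authorized_scopes):
    """Return a list of findings; an empty list means the inputs are consistent."""
    findings = []
    # Step 24 warning: the key file must not be readable by other local users.
    mode = stat.S_IMODE(os.stat(key_path).st_mode)
    if mode & 0o077:
        findings.append(f"key file mode is {mode:03o}; restrict it to 600")
    with open(key_path, encoding="utf-8") as fh:
        key = json.load(fh)
    if key.get("type") != "service_account":
        findings.append("file is not a service account key")
    if not key.get("private_key"):
        findings.append("private_key is missing or empty")
    # Domain-wide delegation (Step 18) is keyed on the numeric Unique ID,
    # which the key file carries as client_id.
    if str(key.get("client_id")) != str(unique_id).strip():
        findings.append("client_id does not match the Unique ID from Step 11")
    # Step 19: the delegated scopes should be exactly the four from the guide.
    granted = {s.strip() for s in authorized_scopes.split(",") if s.strip()}
    findings += [f"missing scope: {s}" for s in sorted(REQUIRED_SCOPES - granted)]
    findings += [f"unexpected scope: {s}" for s in sorted(granted - REQUIRED_SCOPES)]
    return findings


def demo():
    """Run the check on a constructed key file (every value here is made up)."""
    sample = {"type": "service_account", "client_id": "100000000000000000001",
              "client_email": "clarity-connector@example-project.iam.gserviceaccount.com",
              "private_key": "CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-KEY"}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "key.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(sample, fh)
        os.chmod(path, 0o644)  # typical mode of a browser download
        scopes = ",".join(sorted(REQUIRED_SCOPES)) + "," + BASE + "orgunit"
        return check_connector_inputs(path, "100000000000000000001", scopes)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```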

Step 25: Log in to Clarity

Log in to your Clarity Security tenant.

https://your_tenant.claritysecurity.io

Step 26: Navigate to Applications, then Marketplace

Click on the Applications side tab, then click on the Marketplace to list all the available connectors.

Applications > Marketplace

Step 27: Find Google Workspace

Scroll to or search for Google Workspace in the list of applications from the marketplace, then click Connect.

Step 28: Connect App

Complete the App Settings form.  Details for fields common to all applications can be found in the following article: Common App Configuration Steps.

  • customerId: Paste the Customer ID value collected in Step 14.

  • adminAccount: This value is the email address for an admin account of your GSuite account (it is advised to use a service account).

  • cred_json:  Paste the entire contents of the JSON file downloaded in Step 24.

Configure App > Connect App - G-suite

Step 29: App Settings

Complete the App Settings form.  Details for each field can be found in the following article: Common App Configuration Steps.

Configure App Step 2 - App Settings

Step 30: User Settings

Complete the User Settings form. Check the table at the top to see if any features are unsupported. Details for each field can be found in the following article: Common App Configuration Steps.

Configure App Step 3 - User Settings

Step 31: Validate Your Selections and Save

Save

Clicking the Save button will trigger the first full sync for your application (even if you selected Manual syncing).  This includes Service Users, Entitlements, Service User Entitlements, Service User Attributes.

Need Help?

If you have any problems, contact your customer success team. You can also reach our general support team by email or by opening a support ticket. Our general support team is available Monday - Friday from 8:00 AM - 6:30 PM CST.


