This guide walks you through the process of configuring Google Workspace and Clavister Cloud Services to establish seamless integration between the two systems. To achieve this, you will need to perform specific configuration steps in both Google Workspace and Clavister Cloud Services. The guide uses our example companyShieldIT as<company_name> through the different steps

To integrate with the Google Workspace API, complete the setup in the Google Cloud management console, the Google Workspace admin console, and within Clavister Cloud Services.

Google Cloud Console Configuration

1. Enable required APIs: (How to enable Google APIs)
   1. Admin SDK API
   2. IAM API
2. Create a Service Account:
   1. Go to IAM & Admin > Service Accounts.
   2. Create a new Service Account (a name is sufficient; no special configuration is needed).
   3. Note down the Service Account client ID.
   4. Download the Service Account key in JSON format.

Google Workspace Admin Console Configuration

1. Enable Domain-Wide Delegation:
   1. Navigate to Security > Access and data control > API controls.
   2. Click on Domain-Wide Delegation.
   3. Add a new API client using the Service Account client ID from before, and scopes.
      1. https://www.googleapis.com/auth/admin.directory.user.readonly
      2. https://www.googleapis.com/auth/admin.directory.group.readonly
2. Create a user for API access:
   1. Create a user account in your Google Workspace domain for Clavister Cloud Services to impersonate.
   2. This user must have read access to users and groups.

Setting up Google Workspace in Clavister Cloud Services

1. Access Clavister Cloud Services, example using ShieldIT: https://shieldit.sase.eu/.
2. Navigate to Users and select the User directories tab.
3. Click on the Add new button and choose the Google option. Provide a name for the directory, input the Impersonated user created previously, choose the Domain and upload the Service Account JSON file.
4. Google users should now have the ability to enroll.

Please note:

Once you have successfully completed the steps outlined above, the configuration process is considered complete. Further configuration within Google and Clavister Cloud Services may not be necessary at this stage. Users who are part of the Google Workspace setup will now have the ability to enroll in the service, note that they will need to have a mobile phone number and email configured in to be able to enroll and that they will not show up in the Clavister Cloud Services console until enrolled using the normal enrollment link. If needed, additional actions and configurations can be performed by users within the Google Workspace environment to facilitate their enrollment in Clavister Cloud Services. 

Related articles