To configure a Google Workspace user sync with Kantega SSO Enterprise, you will first have to create a service account, assign the account privileges, then create an impersonation account for the service account and a role for reading users and groups. Follow the steps described below to prepare your Google Workspace for integrating with a Kantega SSO Connector directory. When these steps are finished, you can go to Kantega SSO and paste the values needed.

Start setup in Kantega SSO Enterprise

To add a Workspace Connector/User Directory in an Atlassian product, navigate to Kantega SSO Enterprise > Cloud user provisioning, then add a Google Workspace connector.

...

Let’s go to Google to get the setup needed!

Set up service account in Google Cloud

The next step is to create an application and credentials in Google Cloud, which will allow you to complete the form and synchronize users and groups.

...

Go back to the service account and scroll to the right. Copy the OAuth2 Client ID and save it for later.

...

Assign domain-wide delegation to the Service Account

Assigning domain-wide delegation has been moved to Google Workspace. This guide explains how API clients generally work: https://developers.google.com/identity/protocols/oauth2/service-account#delegatingauthority

...

Your application now has the authority to make API calls as users in your domain (to impersonate users). When you prepare to make authorized API calls, you specify the user to impersonate.
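What "specifying the user to impersonate" looks like in the token request, as an added example (not Kantega's or Google's code): the service account's JWT carries the impersonated user in the `sub` claim, and the helper refuses any scope beyond read-only directory access. The two scope URLs, the account names and the helper names are assumptions for illustration; signing the output with the service account's private key (RS256) is left to your OAuth library.

```python
import base64
import json
import time

# Assumption: the sync needs only Google's read-only Directory API scopes.
READONLY_SCOPES = {
    "https://www.googleapis.com/auth/admin.directory.user.readonly",
    "https://www.googleapis.com/auth/admin.directory.group.readonly",
}
TOKEN_URI = "https://oauth2.googleapis.com/token"

# Constructed sample values (not from the page, apart from the jira-dev-read name).
SAMPLE_SA = "sso-sync@example-project.iam.gserviceaccount.com"
SAMPLE_USER = "jira-dev-read@example.com"


def audit_scopes(scopes):
    """Return scopes that exceed the read-only set (empty list = least privilege)."""
    return sorted(s for s in set(scopes) if s not in READONLY_SCOPES)


def build_claims(sa_email, impersonated_user, scopes, now=None, ttl=3600):
    """Build the JWT claim set for a delegated service-account token request."""
    excess = audit_scopes(scopes)
    if excess:
        raise ValueError(f"scopes beyond read-only sync: {excess}")
    if not 0 < ttl <= 3600:
        raise ValueError("assertion lifetime must be at most one hour")
    now = int(time.time()) if now is None else now
    return {
        "iss": sa_email,            # the service account itself
        "sub": impersonated_user,   # the Workspace user it acts as
        "scope": " ".join(sorted(scopes)),
        "aud": TOKEN_URI,
        "iat": now,
        "exp": now + ttl,
    }


def signing_input(claims):
    """Return the base64url 'header.claims' string that is then signed with RS256."""
    def b64(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return b64({"alg": "RS256", "typ": "JWT"}) + "." + b64(claims)
```

Running `audit_scopes` over the scope list entered for the client ID in the delegation settings gives a quick review of whether the grant is still read-only.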

Create a user account for the service account to impersonate

Navigate back to the directory and click “Add new user”.

...

Cut & paste the account username into the "Admin account address" and make a note of it as it will be needed again later in Kantega SSO.

Add and assign a read-only security role

Open the side menu in Google Workspace in admin.google.com as a super admin user.

...

Search for the impersonation account you created earlier. In this example, we have named the account jira-dev-read.

...

Complete the setup in Kantega SSO Enterprise

Go back to your Atlassian product and to the form you started at the beginning. (If you closed it, just start a new one under Kantega SSO Enterprise > Cloud user provisioning by clicking add provider > Google Workspace.)
Paste the values obtained during the setup in Google. You need:

...