Skip to main content
Skip table of contents

Google Provisioning

The Memority’s REST connector can be used to provision a Google tenant thanks to APIs. However, some prerequisites must be respected to be able to provision the application.

This page explains how the provisioning works in Memority and prerequisites to be able to provision Google.

Generic REST connector prerequisites are explained in page REST provisioning.

Definitions

What Google objects can be managed ?

The connector is able to manage user accounts, distribution lists, groups and their assignments.

Can we manage license ?

Licenses can be managed though the connector or thanks to automatic assignment rule in Google.

Can we manage account delegation & ownership ?

Account delegation on a mailbox can be managed trough the connector.

The connector can manage account’s calendars, drive and documents ownership to transferred them to another account.

Memority REST connector

APIs authentication prerequisites

To be able to request Google APIs, Memority’s connector need to authenticate with an OAuth2 JWT token. The procedure below explain how to create the configuration in Google to be able to authenticate.

Step

Description

1

Access to Google tenant’s developer console: https://console.developers.google.com

image-20240320-170350.png

Google developer console

2

Create a new project

  • Click on “New project”

  • Set a project name

  • Select the root organization

image-20240320-170239.png

Create a new project

3

On left menu, click “Library” to access API library

image-20240320-170544.png

API library

4

Enable Admin SDK API

  • Look up for “Admin SDK”

  • Click “Enable”

image-20240320-170658.png

Enable Admin SDK API

5

Enable Enterprise License Manager API

  • Look up for “Enterprise License Manager API”

  • Click “Enable”

image-20240320-170836.png

Enable Enterprise License Manager API

6

Access to Google tenant’s console developer for service account management:

https://console.cloud.google.com/iam-admin/serviceaccounts

image-20240320-171134.png

Google’s service account management

7

Create a new service account

  • Set a service account name

  • The service account ID is automatically set, let it as is

  • Set a description

  • Click “Create and continue”

image-20240320-172209.png

Create a new service account

8

Grant the service account to the project

  • Click “Select a role”

  • Look up for “Owner”

  • Select “Owner” role

  • Click “Done”

image-20240320-172602.png

Grant the service account to the project as owner

9

Generate a key for the service account

  • After creation, click on new service account to access details

  • Click “Keys” tab

  • Click “Add key” and “Create new key”

  • Let “JSON” checked and click “Create”

  • Download the generated key, it will be used in connector configuration to access APIs

image-20240320-173001.png

Create key for service account

10

Access to Google admin console to configure API client accesses:

https://admin.google.com/ac/owl/domainwidedelegation

image-20240320-173603.png

Set API client accesses

11

Add a new entry

image-20240320-174052.png

Add OAuth2 scopes to API client

12

Send the JSON file to integrator for configuration.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close