The following steps walk through an example use case and the information that will need to be saved will be specific to your application.
NOTE: Steps 1-23 can be completed with base ‘Admin’ permissions. Step 24 and on (managing domain-wide delegations) require ‘SuperAdmin’ permissions. We recommend coordinating with SuperAdmin permission holder before attempting all configuration steps.
Create Project
Step 1:
- Click on below URL.
https://console.developers.google.com/iam-admin/serviceaccounts
Step 2:
- Click Create Project and enter details, click on CREATE.
- Project name = custom project name
- Organization = choose the corresponding G-Suite domain for your organization
- Location = choose the parent organization or folder
![](https://www.securends.com/wp-content/uploads/2021/10/image-140.png)
Enable Admin SDK
Step 3:
- Navigate to APIs & Services and select Library.
![](https://www.securends.com/wp-content/uploads/2021/10/image-141.png)
Step 4:
- Search Admin SDK and click on Admin SDK in results.
![](https://www.securends.com/wp-content/uploads/2021/02/image-5.png)
Step 5:
- Click on Enable.
![](https://www.securends.com/wp-content/uploads/2021/02/image-6.png)
Configure OAuth Consent Screen
Step 6:
- Navigate to APIs & Services and select OAuth consent screen.
![](https://www.securends.com/wp-content/uploads/2021/02/image-8.png)
Step 7:
- Select Internal and click on Create.
![](https://www.securends.com/wp-content/uploads/2021/10/image-145.png)
Step 8:
- Enter a custom Application name (This Application name will be used in the SecurEnds application when configuring the G Suite Connector)
- As an example: applicationName = Securends
- Store/copy down the application name you created for later use. This application name is case sensitive
![](https://www.securends.com/wp-content/uploads/2021/10/image-146.png)
Step 9:
- Enter “Authorized domains” domain used during Step 2 when creating the project and click on save (This domain will be used in the SecurEnds application when configuring the G Suite Connector)
- Example used below : domain = securends99.com
- This would be your organizations G-Suite domain, not your SecurEnds domain.
- Example used below : domain = securends99.com
- Store/copy down the domain for later use.
![](https://www.securends.com/wp-content/uploads/2021/10/image-147.png)
Create Service Account
Step 10:
- Click on Credentials from left pane.
![](https://www.securends.com/wp-content/uploads/2021/10/image-148.png)
Step 11:
- Navigate to Create Credentials and select Service account.
![](https://www.securends.com/wp-content/uploads/2021/10/image-149.png)
Step 12:
- Enter custom service account details and click on Create.
- As an example: Service account name = securendsService
Grant this service account access to the project and Grant users access to this service account are optional can be skipped.
![](https://www.securends.com/wp-content/uploads/2021/02/image-9.png)
Step 13:
- Click on Done for Service account permissions (Step 2).
Step 14:
- Select the Service account for which you need to create key.
- Click on Actions and select Create key
![](https://www.securends.com/wp-content/uploads/2021/02/image-10.png)
Step 15:
- Select P12 and click on Create.
![](https://www.securends.com/wp-content/uploads/2021/02/image-11.png)
Step 16:
- A p12 file will be downloaded and make a note and save private key password, then click on Close.
![](https://www.securends.com/wp-content/uploads/2021/02/image-12.png)
- The downloaded p12 file has to be placed in /var/ssl in AWS Cloud instance.
- Provide the path has below in env_file
- GSUITE_PKFILE_PATH=/var/ssl/XXXXX.p12
- Upload the generated certificate to /opt/docker/XXXX/ssl
- Restart the SecurEnds CEM application.
Domain Wide Delegation
Step 17:
- Select the service account created and click on Edit.
![](https://www.securends.com/wp-content/uploads/2021/10/image-155.png)
Step 18:
- Click on SHOW DOMAIN WIDE DELEGATION
![](https://www.securends.com/wp-content/uploads/2021/10/image-156.png)
Step 19:
- Select the checkbox Enable G Suite Domain wide Delegation
- Click on Save.
![](https://www.securends.com/wp-content/uploads/2021/10/image-157.png)
Step 20:
- Please make a copy of the email and unique id and click on Save. (This unique id will be used in the SecurEnds application when configuring the G Suite Connector)
- As an example: serviceAccountId = securends0912@securendsuar-278414.iam.gserviceaccount.com
- Store/copy down the serviceAccountId for later use.
![](https://www.securends.com/wp-content/uploads/2021/10/image-158.png)
Enable Scopes for Service Account
Step 21:
- Now click on the below URL and login with admin credentials.
https://admin.google.com/
Step 22:
- Click on Security settings.
![](https://www.securends.com/wp-content/uploads/2021/10/image-159.png)
Step 23:
- Click on API Controls by scrolling down.
![](https://www.securends.com/wp-content/uploads/2021/02/image-13.png)
Step 24:
- *SuperAdmin permission required here*
- Click on Manage Domain-Wide delegation by scrolling down.
![](https://www.securends.com/wp-content/uploads/2021/02/image-14.png)
Step 25:
- Click on Add New behind the API Clients.
- Enter the unique ID (From step 20) under client ID and below OAuth scopes under API scopes with comma(,) delimited, then click on Authorise.
![](https://www.securends.com/wp-content/uploads/2021/02/image-15.png)
- https://www.googleapis.com/auth/admin.directory.domain
- https://www.googleapis.com/auth/admin.directory.group
- https://www.googleapis.com/auth/admin.directory.rolemanagement
- https://www.googleapis.com/auth/admin.directory.user
Step 26:
- When utilizing the service account set up steps above, Google can recognize the current customer when my_customer is used as the customerId (customerId = my_customer or G Suite Customer ID)
- As an example: customerId = my_customer
Downloading a CSV File
- The instructions below will walk you through the steps needed to download a CSV file to upload into SecurEnds if an automatic connector is not established.
- Login to admn.google.com
- Select Users from the dashboard.
![](https://www.securends.com/wp-content/uploads/2021/10/image-162.png)
- Select Download users.
![](https://www.securends.com/wp-content/uploads/2021/10/image-163.png)
- Select All user info columns and currently selected columns and Comma-separated values (.csv):
![](https://www.securends.com/wp-content/uploads/2021/10/image-164.png)
- Under YOUR TASKS in the top right of the window, select Download CSV to download the file to upload into SecurEnds in replacement of making an automatic connector
![](https://www.securends.com/wp-content/uploads/2021/10/image-165.png)