en-US
search-icon

Enforced Client Policy and Reporting Server 2.3 Admin Guide

Google Directory

Google Directory is one of the options under Directory Services that administrators can use to efficiently manage Users and Groups from the Google server. If you have an environment with more than one firewall in it, you can manage Google Directory at two levels: globally and on the firewall. By selecting the global node, you can configure and make changes across all the firewalls in your environment. By selecting an individual firewall you can configure and make changes that apply only to that particular unit.

 
* 
NOTE: Both Google Directory and LDAP server can be configured on the same firewall.

Topics:

Settings

To configure the Google Directory:
1
On the Policies tab, navigate to Directory Services > Google Directory. The Google Directory page defaults to the Settings tab.

2
Check the box to enable Configure Google Directory.
3
Enter the Domain name for Google Directory service.
4
Set up an authorized service account the server-to-server interactions between EPRS and Good Directory service can occur. This only needs to be done once.
a
Make a note of the Client ID of the service account for use later: 113161272571085955191.
b
Login to https://admin.google.com/ using your Google Super admin account (Service account email) for the domain.
c
Navigate to Security > Advanced settings > Authentication > Manage API client access.
d
In the Client name text box, enter the client ID.
e
In the API Scopes text box, copy/paste the string below:

https://www.googleapis.com/auth/admin.directory.group.member.readonly,
https://www.googleapis.com/auth/admin.directory.group.readonly,
https://www.googleapis.com/auth/admin.directory.orgunit.readonly,
https://www.googleapis.com/auth/admin.directory.user.readonly

f
Click on Authorize.
5
Enter the Service Account Email.
6
Click Update to save these settings.

Users and Groups

To mirror Google Directory users and user groups:
1
On the Policies tab, navigate to Directory Services > Google Directory.

2
Select the Users & Groups tab.
3
Check the box to Mirror LDAP users and user groups automatically.
4
Specify the Refresh period in hours.This is the period between mirroring operations. A valid value can range from 8 to 168 hours.
5
Click Update to save these settings.

Test

To test the Google Directory settings:
1
On the Policies tab, navigate to Directory Services > Google Directory.

2
Select the Test tab.
3
Enter a valid user ID (primary email of the user).
4
Click the Test button. EPRS retrieves any messages from Google as well as returned user attributes in the appropriate fields.