You can add a Google Directory to manage groups of users for your policies in Smoothwall Filter or Monitor.
Configure Google Workspace
Account settings
- Sign in to your Google Admin Console with your Google Workspace Super Admin account.
Important
If you have multiple Google Workspace domains, ensure each has a different Super admin user account. If the same account attempts to synchronise multiple domains at the same time, you may exceed your Google API quota and rate limits.
- Turn on Additional Google services for Google Cloud Platform, then turn on the Allow users to create projects service.
- Ensure Disable service account key creation is not enforced by an organisation policy.
- Set your account as All users are 18 or older. You must revert this setting after setting up the directory.
Set up the project and service account
- Go to the Google Cloud console.
- Create a Google Workspace Cloud project.
- Turn on the Admin SDK API for your project.
- Create a service account for your project.
Note
Assigning Permissions is optional, but you must not assign Principals with access.
- Create a service account key in JSON format. This will download to your computer automatically, so make note of where the private key (JSON file) is saved, as you will need this later.
- Go to IAM & Admin > Service Accounts and select your project. Select the link in the Email column and keep a copy of the Unique ID.
- Set up domain-wide delegation using your project’s Unique ID in the Client ID field. Enter each of the following into individual OAuth scopes lines:
- https://www.googleapis.com/auth/admin.directory.group.readonly
- https://www.googleapis.com/auth/admin.directory.orgunit.readonly
- https://www.googleapis.com/auth/admin.directory.user.readonly
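A pre-flight check for the steps above, written for this page as an added example (it is not Smoothwall or Google code): it confirms the downloaded JSON key is a service account key that is not readable by other local users, returns the `client_id` value to compare with the Unique ID you copied, and flags any delegated scope outside the three read-only ones. The function names and the sample key are constructed for illustration, and the check assumes a POSIX file system.

```python
import json
import os
import stat
import tempfile

# The three read-only scopes this page lists for domain-wide delegation.
REQUIRED_SCOPES = {
    "https://www.googleapis.com/auth/admin.directory.group.readonly",
    "https://www.googleapis.com/auth/admin.directory.orgunit.readonly",
    "https://www.googleapis.com/auth/admin.directory.user.readonly",
}
# Fields of a service account key downloaded in JSON format.
KEY_FIELDS = ("type", "project_id", "private_key", "client_email", "client_id")

def check_key_file(path):
    """Return (client_id, problems) for a service account JSON key file."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # private key readable by group or other users
        problems.append(f"file mode {mode:o} is too open; use 600")
    with open(path, encoding="utf-8") as fh:
        key = json.load(fh)
    missing = [f for f in KEY_FIELDS if not key.get(f)]
    if missing:
        problems.append("missing fields: " + ", ".join(missing))
    if key.get("type") != "service_account":
        problems.append(f"type is {key.get('type')!r}, not 'service_account'")
    return key.get("client_id"), problems

def check_scopes(entered):
    """Compare the scopes entered in the Admin Console with the required set."""
    entered = {s.strip() for s in entered if s.strip()}
    return {"missing": sorted(REQUIRED_SCOPES - entered),
            "excess": sorted(entered - REQUIRED_SCOPES)}

def demo():
    # Constructed sample key and scope list: placeholders, not real credentials.
    sample = {"type": "service_account", "project_id": "example-project",
              "private_key": "PLACEHOLDER", "client_id": "100000000000000000001",
              "client_email": "sync@example-project.iam.gserviceaccount.com"}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "key.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(sample, fh)
        os.chmod(path, 0o644)  # simulate a key left world-readable
        client_id, problems = check_key_file(path)
    entered = sorted(REQUIRED_SCOPES)[:2] + [
        "https://www.googleapis.com/auth/admin.directory.user"]
    return client_id, problems, check_scopes(entered)
```

Call `check_key_file()` with the path to your own key and `check_scopes()` with the scope lines you entered; `demo()` runs both on the constructed sample, where the user scope was entered in its read/write form.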
Set up and sync your Google Directory
Hybrid setup
Add, sync or edit a Google directory
You can’t add Directories in the Cloud Portal in most Hybrid setups. This is because Cloud and Appliance can’t sync directory setups and mapped groups with each other. You should follow the instructions for the On-Premise Appliance unless you need a Google Directory that only exists in your Cloud Portal.
If you need to create a Directory that only exists in the Cloud Portal in your Hybrid setup, select Submit a request from the top of the Help Centre to contact the Support Team.
If we turn on this setting, you can add and edit Google Directories from either portal, but they won’t be synced.
Delete a Google directory
Follow the instructions for Appliance unless you have created a directory in your Cloud Portal.
If you have created a directory in your Cloud Portal:
- Delete the directory in your On-Premise Appliance.
- To delete the directory from your Cloud Portal, select Submit a request from the top of the Help Centre to contact the Support Team.
Cloud Portal
Add a Google directory
- Go to Admin Panel > Directories.
- Select Add directory.
- Select Google, then Confirm.
- Enter a name for your directory.
- If you are in a multi-tenant environment, select All tenants, or Selected tenants and specify the tenant(s).
- In the Username field, enter the email username for the Super admin for your Google Workspace (the one that set up the Google Workspace service account).
- For Your credential file, select Browse Files and select your Service Account JSON file.
- Select Save.
Your Google directory will sync automatically with Cloud overnight. If you want to sync immediately, you can run a manual sync.
Sync a Google directory
If you make a change in Google Workspace, you must manually sync with your Cloud Portal to update it. Syncing with Cloud can take up to 10 minutes depending on the size of your directory.
- Go to Admin Panel > Directories.
- Select the directory and select Sync Directory.
Edit or delete a Google directory
- Go to Admin Panel > Directories.
- Select the directory from the list to edit it.
If you want to delete a directory from Cloud, or keep the directory but not use it in Smoothwall, select Submit a request from the top of the Help Centre to contact the Support Team.
On-Premise Appliance
Add a Google directory
- To prevent syncing issues, ensure your Appliance’s time matches the time in your Google Workspace domain.
- Go to Services > Authentication > Directories.
- Select Add new directory.
- If you have a ‘Hybrid’ setup (both Cloud and On-Premise Appliance), you’ll see a Directory in Cloud Portal field. Select Enabled to push the directory setup from On-Premise Appliance to Cloud. If you don’t select this checkbox, the directory will exist in On-Premise Appliance only.
- If you are in a multi-tenant environment, select the tenant.
- Select the Type as Google.
- You can use the default name of Google, or change it to your preferred name.
- For the Client secrets file, select Choose file and select the Service Account JSON file.
- In the Domain field, enter your Google Workspace domain.
- In the Administrative user field, add the email username for the Super admin for your Google Workspace (the one that set up the Google Workspace service account).
- (Optional) Enter a descriptive comment.
- Select Add.
Your Google directory will sync automatically with your On-Premise appliance overnight. If you want to sync immediately, you can run a manual sync. Once the sync with the On-Premise appliance is finished, you will also see the directory in Cloud.
Sync a Google directory
If you make a change in Google Workspace, you must manually sync with your On-Premise appliance to update it. Syncing with your On-Premise appliance can take up to 2 hours depending on the size of your directory. This will automatically happen overnight, or you can do it manually:
- Go to Services > Authentication > Directories.
- Hover over the directory and select Sync.
If you have a ‘Hybrid’ setup, the changes will be pushed to Cloud.
Edit or delete a Google directory
- Go to Services > Authentication > Directories.
- Hover over the directory and select Edit or Delete.
When editing, you can choose to deselect the Enabled box to keep the directory but not use it in Smoothwall.
Next steps
If you set your account as All users are 18 or older, revert this setting.
You must map your Directory groups to User Groups to:
- Authenticate users and apply Web Filter Policies with Smoothwall Filter.
- Create Alerting Profiles with Monitor.