Syncing Google Directory with Monitor

This article is for Cloud Admins/Tech Admins.

You can sync your users and groups from your Google Directory with Monitor. One of the benefits of syncing your Google Directory is Monitor users will see your users’ names instead of just your users’ system ID. Creating Monitor groups in your Google Directory also ensures Monitor is reporting on your current users, especially as students and staff change throughout the school year.

Plan your groups to support the Alerting Profiles your Safeguarding Contact needs. You can use existing groups and create new groups in your Google Directory. The synced groups can be used by your Safeguarding Contact to edit and create Alerting Profiles as soon as the first sync is complete. 

Monitor will automatically perform recurring automated syncs after you complete the configuration. You can also complete a manual sync to update Monitor with your current Google Directory data.

.

Creating a Google Workspace Project

You need to start with your Google Workspace Admin account to create a Project in your Google Workspace

  1. Sign into your Google Console with your Super Admin account. (Do not use your personal account.)
  2. Open https://console.cloud.google.com/projectselector2/apis/dashboard.
  3. Go to IAM & Admin > Manage Resources.
    • If you can access multiple Organisations, place a check next to your organisational Name.
  4. Select Create Project.
  5. Type a Project name that identifies Monitor syncing your Google directory.
    • Use lowercase, no spaces, starting with alphabetical letters (numbers and hyphens can be used in the rest of the name).
    • Browse to a folder or the root of your Organisation in Location.
    • Click Create.
  6. Assign at least one Google administrator as a Project Owner.

Create a service account to sync Monitor

  1. Go to APIs & Services > Credentials.
  2. In the Service Accounts section, select Manage service accounts
  3. Click + Create Service Account.
  4. Type a short Service account name that identifies Monitor syncing your Google directory (letters, numbers, and spaces).
    • If needed, edit the suggested Service account ID.
  5. (Optional) Add a Service account description.
  6. Click Create and continue.
  7. At Grant this service access to the project, select Owner from the dropdown and click Continue.
    • No changes need to be made to Grant users access to this service account.
  8. Click Done.

Create the service account key

  1. Go to IAM & Admin > Service Accounts.
  2. Look to the right of the service account email and find Manage keys in the (Actions menu) Google Service Account Manage Keys icon.
  3. In the Keys tab, select Add key > Create new key > JSON. Click Create.
    • Your private key (JSON file) will automatically download to your computer.
    • Keep this valuable file secure!
  4. Click Close.

Enable APIs

  1. Your Google Project should be listed at the top of your windows in the navigation bar between the menu and search.
    • If you do not see your project, go to Cloud overview > Dashboard.
    • Double-click your project name.
  2. Go to the APIs & Services > Library.
  3. Use the search box to find and enable:
    • Admin SDK API

Add the internal user

  1. Go to APIs & Services > OAuth consent
  2. In User Type, select Internal and click Create.
  3. Type an App name that identifies Monitor syncing with your Google directory.
  4. In User support email, enter the email for your IT support system.
    • Do not use the logo and domain fields.
  5. Go down to Developer contact information and enter your Super Admin email (these details are only visible to other high-level administrators in your Google Workspace).
  6. Select Save and Continue.

Update the Google API scope

  1. Go to IAM & Admin > Service Accounts.
  2. Select your project.
  3. Select the Column display options icon Google Sevice Account column display options.
  4. Check the Unique ID checkbox to display the column and select OK.
  5. Scroll right to the Unique ID.
    • Select and copy the Unique ID for your project.
  6. Open your Google Admin Console (https://admin.google.com).
  7. Go to Security > Access and data control > API controls.
  8. Select MANAGE DOMAIN WIDE DELEGATION.
  9. Select Add new.
  10. Paste your Unique ID into the Client ID.
  11. Copy and paste each of the following into an OAuth scopes line:
    https://www.googleapis.com/auth/admin.directory.group.readonly
    https://www.googleapis.com/auth/admin.directory.orgunit.readonly
    https://www.googleapis.com/auth/admin.directory.user.readonly

    Google Admin Console oAuth scopes read-only

  12. Select AUTHORIZE.
  13. Select your new entry and select View details.
  14. Verify the Client ID and three Scopes are displayed.
  15. Return to Monitor to add and sync your Google Directory.

Important

Do not proceed to the next step unless you have the following secrets ready:

  1. Google Workspace Super Admin username (do not use the Service account email).
  2. The private key (JSON file). Keep this valuable file secure!
  3. Your Cloud Admin/Tech Admin username and password for your Monitor Portal.

Syncing the Google Directory

Important

Do not use the Google Workspace Service account ID (Service account email address) in Monitor. Your Google Super Admin address is required to access the Google Directory Users and Groups.

Start this process at a time of day that syncing all users will not disrupt business. The sync will start as soon as you save the Directory configuration. The first sync can take up to two hours, for a Google Directory with over 1,000 users.

  1. Sign in to the Monitor Portal.

    Monitor - UK, Australia, New Zealand
    https://portal.smoothwall.cloud

    Monitor - US
    https://portal.linewize.net

  2. Select the Admin Panel and select Directories.
  3. Select Add Directory.
  4. Select Google and select Confirm.
  5. Type a description of this directory in Name.
  6. Choose one of the following:
    • Choose All tenants if you want your Google users available in all of your Monitor tenants.
    • Choose Selected tenants and then pick one or more of your Monitor tenants you want to sync with these Google users.
  7. Type or paste your Google Super Admin email in Username.
  8. Select Browse Files in Your credential file.
    • Select your Google Service account private key (JSON file).
  9. Select Save.

The sync will begin automatically. The “Last Sync Date” will display the time the sync was completed after the sync is complete.

Forcing a Manual Sync

You can manually force a sync if you have made changes within Google Directory and want it to reflect within Monitor.

  1. Sign into the Monitor Portal.
  2. Go to Admin Panel > Directories.
  3. Open your Google Directory.

Select Sync Directory at the bottom-left of your window.

Note

These instructions differ from Google's official help article. If you have any issues following our steps, please see Google’s article.

After your directories are updated you can map your Azure directories to Groups in Monitor for your Safeguarding Contact to use to create Alerting Profiles.

Was this article helpful?
0 out of 0 found this helpful
Share

Comments

0 comments

Please sign in to leave a comment.