1. Configuring the Google Cloud Platform Connector
  2. Creating an Application By Using the Google Cloud Platform Connector
  3. Prerequisites for Creating an Application By Using the Connector
  4. Configuring the Target System

2.2.2 Configuring the Target System

This is a high-level summary about the tasks to be performed on the target system before you create the application.

The pre-installation process involves performing the following tasks:

Note:

The detailed instructions for performing each of these tasks are available in the Google Cloud Platform Documentation at https://cloud.google.com/docs/
  1. Create a project and register your client application with the Google Cloud Platform in Google Cloud Console .
  2. Select APIs & Services, and then select Enabled APIs & services. Search for Admin SDK, Group Settings, Cloud Resource Manager, IAM (Identity and Access Management) API Services and enable them.
  3. Select APIs & Services, and then select Credentials. Click Create Credentials to create a API key, an OAuth client ID, and a Service account.
    1. To create OAuth client ID, configure your consent screen. Click CONFIGURE CONSENT SCREEN, select the User Type as Internal, and then click Create.
    2. Enter the application name, user-supported email, and developer email address, and then click SAVE AND CONTINUE.
    3. Click ADD OR REMOVE SCOPES and add all the required scopes and then click SAVE AND CONTINUE to create an application.
    4. To create an OAuth client ID, choose the Application type as web application, enter the name, and then click CREATE. You will get a client ID and a client secret.
  4. Open the service account created by you, note down the email ID. Click Create Google Workspace Marketplace-compatible OAuth Client and select Continue and the copy the client ID.
  5. Click the Keys tab, click ADD Key, and then click Create new key. Select the Key type as P12 and click Create. The Private key is downloaded to the local computer.
  6. Specify the location of this Private key in the Service Account Private Key field when you perform the procedure as described in Basic Configuration Parameters.
  7. Add scopes and authorize the registered client application. To do so:
    1. Login to the Google Admin Console using the https://admin.google.com link with an account that has administrative privileges in the Google instance.
    2. Choose Security and click Access and data controls.
    3. Click API Controls and search for Domain-wide delegation option, and click MANAGE DOMAIN-WIDE DELEGATION.
    4. Click Add new next to API clients, enter the multi-digit Client Number that was provided during the Google Service Account creation.
    5. In the One or More API Scopes field, enter the scopes listed in the Google Applications Scope field. These scope values must be separated by commas, but ensure that the double quotes (") are removed.
    6. Click Authorize.

    Once this is completed, the Test Application button will successfully run and connect to the Google Application instance.

  8. Create a user account on the target system. The connector uses this account to connect to the target system during each connector operation. Post account creation, assign the Groups Admin and User Management Admin admin roles to the newly created account.
  9. Enable access to various Google administrative APIs available in the Google Cloud Platform Business Domain. The administrative API allows you to manage user accounts and synchronizes Google Cloud Platform user accounts with your own user account
  10. Enable external user access to groups in Google Cloud Platform. Perform this step only if you want external users to access groups in Google Cloud Platform.