bitwarden/help
1
0
Fork 0
mirror of https://github.com/bitwarden/help synced 2026-01-01 08:03:28 +00:00
Code Issues Releases Wiki Activity
Files
43ac22b0b51dc5d290da7d85a9273242f87da90f
help/_articles/directory-connector/gsuite-directory.md
David Choi 80a0b17ac6 Staging (#294) 
* jekyll redirect from

* Organizations rev (#262)

* Organizations revisions initial commit.

* API doc updates

* Fix absolute link causing build failure.

* Add import to org article, and downstream order changes.

* Bitwarden 101 videos: 1st steps toward proliferating these throughout /help.

* Added 'Create Your Account' article, which references B101 Videos.

* About SSO redirect & promote importing for orgs up the list

* Create Org FAQs & trim Feature FAQs accordingly.

* Image for Org FAQs

* Move 'About the Business Portal' to Orgs category, and re-order accordingly.

* Final edits.

* Dchoi/bootstrap upgrade (#264)

* bootstrap 4 upgrade and cleanup update gulp tasks

* bootstrap package updates

* renaming file convention

* general outline of help outline

* bitwarden help cleanup

* article cleanup

* article general styling complete

* bootstrap help page upgrades

* sidebar updates

* Dchoi/bootstrap upgrade (#267)

* bootstrap 4 upgrade and cleanup update gulp tasks

* bootstrap package updates

* renaming file convention

* general outline of help outline

* bitwarden help cleanup

* article cleanup

* article general styling complete

* bootstrap help page upgrades

* sidebar updates

* toc dynamic and more updates

* fix callout conditions

* sidebar collapse functionality added

* sidebar header toggle functionality

* sidebar article fixes

* Update sidebar.html

Fix sidebar Release Notes link.

* Update releasenotes.md

Remove unnecessary category tag.

* Delete release-notes.md

Remove unnecessary category.

* Update why-choose-bitwarden-for-your-team.md

Test table image differentiation

* Update why-choose-bitwarden-for-your-team.md

Second image differentiation test

* removed links from category breadcrumb and replaced with badges

Co-authored-by: fred_the_tech_writer <69817454+fschillingeriv@users.noreply.github.com>
2020-11-13 14:23:00 -08:00

93 lines
5.6 KiB
Markdown
Raw Blame History

---
layout: article
title: Configuring directory sync with G Suite (Google)
categories: [directory-connector]
featured: true
popular: false
hidden: false
tags: []
---
This article will cover how to connect the Bitwarden Directory Connector application to your G Suite directory.
## Requirements
- Read through the following article: [Syncing users and groups with a directory]({% link _articles/directory-connector/directory-sync.md %})
- Install Bitwarden Directory Connector
- Using Directory Connector, log into your Bitwarden account and select your enterprise organization
## Create a Google Cloud Project
{% callout info %}
If you already have a Google Cloud project available, you can skip this step and re-use it here.
{% endcallout %}
1. Go to <https://console.cloud.google.com/home>
2. Click the **Create** project button
{% image directory-connector/gsuite/create-project.png %}
3. Enter a project name and click **Create**
{% image directory-connector/gsuite/new-project.png %}
4. Refresh the page and you should now see your project
## Enable the Admin SDK API for Your Project
1. Go to <https://console.cloud.google.com>.
2. Make sure the appropriate project is selected. You should be on the **Dashboard** page for your project.
3. Open the navigation menu and navigate to **APIs &amp; Services** &rarr; **Library**.
4. Search for and select the **Admin SDK** service.
{% image directory-connector/gsuite/admin-sdk.png %}
5. Click the **Enable** button near the top.
{% image directory-connector/gsuite/admin-sdk-enable.png %}
## Create & Configure a Service Account
1. Go to <https://console.cloud.google.com>
2. Make sure the appropriate project is selected. You should be on the **Dashboard** page for your project.
3. Open the navigation menu and navigate to **APIs &amp; Services** &rarr; **Credentials**.
4. Click the **Create credentials** button and select **Service account key**.
{% image directory-connector/gsuite/create-credentials.png %}
5. Select **New service account** from the **Service account** dropdown menu.
6. Name the service account **Bitwarden Directory Connector**. For the role, select **Project** and then **Owner**. Ensure that **JSON** is the selected **Key type**. Upon clicking **Create**, a JSON file will be downloaded; this is important for later so keep a note of where you have downloaded it.
{% image directory-connector/gsuite/create-service-account.png %}
7. You should now see your newly created service account listed. Click on **Manage service accounts** (on the right-hand side).
{% image directory-connector/gsuite/click-manage-service-accounts.png %}
8. Select the options button next to your service account, and select **Edit**.
{% image directory-connector/gsuite/edit-service-account.png %}
9. Check the box "Enable G Suite Domain-wide Delegation", enter anything for "Product name for the consent screen" and click **Save**.
{% callout info %}"Enable G Suite Domain-wide Delegation" is only required on some older G Suite accounts. Newer G Suite accounts will automatically have domain-wide delegation enabled for all service accounts. If you do not see the "Enable G Suite Domain-wide Delegation" checkbox option available for your service account, you can assume it is already enabled.{% endcallout %}
{% image directory-connector/gsuite/tick-gsuite.png %}
1. Click **View Client ID** and you'll see the Client ID on screen. You will need the Client ID to configure security within G Suite. Highlight the Client ID and copy it to your clipboard.
{% image directory-connector/gsuite/view-client-id.png %}
{% image directory-connector/gsuite/copy-client-id.png %}
## Configure G Suite Security
1. Go to <https://admin.google.com>
2. Open the navigation menu and navigate to **Security** &rarr; **Settings**.
3. Select the **API reference** option and make sure **Enable API access** is checked.
{% image directory-connector/gsuite/enable-api-access.png %}
4. Back in the list of options, select the **Advanced settings** options and then the **Manage API client access** link.
{% image directory-connector/gsuite/manage-api-access.png %}
5. For **Client Name**, paste the **Client ID** of the service account that you created in the previous steps. For **API Scopes**, paste the following values to grant read-only access to users and groups:
<pre>https://www.googleapis.com/auth/admin.directory.user.readonly,https://www.googleapis.com/auth/admin.directory.group.readonly,https://www.googleapis.com/auth/admin.directory.group.member.readonly</pre>
6. Click the **Authorize** button to save.
{% image directory-connector/gsuite/authorize-client.png %}
7. You should now see your service account listed as an authorized client of G Suite.
{% image directory-connector/gsuite/authorized-client-list.png %}
## Configure Directory Connector
1. Launch the Directory Connector desktop application.
2. Go to the **Settings** tab.
3. Select **G Suite Directory** as the directory type.
4. Enter the **Domain** of your G Suite account.
5. Enter the email address of an **Admin User** that has full access to the G Suite directory (such as your own).
6. If you have one, enter the **Customer Id** of your directory (most users won't need to enter a Customer Id).
7. Select the **JSON Key File** that was downloaded whenever you created your service account in the steps above. The **Client Email** and **Private Key** will be automatically extracted from this key file for you.
Congrats! You are done configuring G Suite with the Bitwarden Directory Connector.
## Testing
Test your configuration by running a sync test. You should see your G Suite groups and/or users printed to the screen.
Reference in New Issue View Git Blame Copy Permalink