mirror of
https://github.com/bitwarden/help
synced 2025-12-06 00:03:30 +00:00
80a0b17ac6
* jekyll redirect from * Organizations rev (#262) * Organizations revisions initial commit. * API doc updates * Fix absolute link causing build failure. * Add import to org article, and downstream order changes. * Bitwarden 101 videos: 1st steps toward proliferating these throughout /help. * Added 'Create Your Account' article, which references B101 Videos. * About SSO redirect & promote importing for orgs up the list * Create Org FAQs & trim Feature FAQs accordingly. * Image for Org FAQs * Move 'About the Business Portal' to Orgs category, and re-order accordingly. * Final edits. * Dchoi/bootstrap upgrade (#264) * bootstrap 4 upgrade and cleanup update gulp tasks * bootstrap package updates * renaming file convention * general outline of help outline * bitwarden help cleanup * article cleanup * article general styling complete * bootstrap help page upgrades * sidebar updates * Dchoi/bootstrap upgrade (#267) * bootstrap 4 upgrade and cleanup update gulp tasks * bootstrap package updates * renaming file convention * general outline of help outline * bitwarden help cleanup * article cleanup * article general styling complete * bootstrap help page upgrades * sidebar updates * toc dynamic and more updates * fix callout conditions * sidebar collapse functionality added * sidebar header toggle functionality * sidebar article fixes * Update sidebar.html Fix sidebar Release Notes link. * Update releasenotes.md Remove unnecessary category tag. * Delete release-notes.md Remove unnecessary category. * Update why-choose-bitwarden-for-your-team.md Test table image differentiation * Update why-choose-bitwarden-for-your-team.md Second image differentiation test * removed links from category breadcrumb and replaced with badges Co-authored-by: fred_the_tech_writer <69817454+fschillingeriv@users.noreply.github.com>
5.6 KiB
5.6 KiB
layout, title, categories, featured, popular, hidden, tags
| layout | title | categories | featured | popular | hidden | tags | |
|---|---|---|---|---|---|---|---|
| article | Configuring directory sync with G Suite (Google) |
|
true | false | false |
This article will cover how to connect the Bitwarden Directory Connector application to your G Suite directory.
Requirements
- Read through the following article: [Syncing users and groups with a directory]({% link _articles/directory-connector/directory-sync.md %})
- Install Bitwarden Directory Connector
- Using Directory Connector, log into your Bitwarden account and select your enterprise organization
Create a Google Cloud Project
{% callout info %} If you already have a Google Cloud project available, you can skip this step and re-use it here. {% endcallout %}
- Go to https://console.cloud.google.com/home
- Click the Create project button {% image directory-connector/gsuite/create-project.png %}
- Enter a project name and click Create {% image directory-connector/gsuite/new-project.png %}
- Refresh the page and you should now see your project
Enable the Admin SDK API for Your Project
- Go to https://console.cloud.google.com.
- Make sure the appropriate project is selected. You should be on the Dashboard page for your project.
- Open the navigation menu and navigate to APIs & Services → Library.
- Search for and select the Admin SDK service. {% image directory-connector/gsuite/admin-sdk.png %}
- Click the Enable button near the top. {% image directory-connector/gsuite/admin-sdk-enable.png %}
Create & Configure a Service Account
- Go to https://console.cloud.google.com
- Make sure the appropriate project is selected. You should be on the Dashboard page for your project.
- Open the navigation menu and navigate to APIs & Services → Credentials.
- Click the Create credentials button and select Service account key. {% image directory-connector/gsuite/create-credentials.png %}
- Select New service account from the Service account dropdown menu.
- Name the service account Bitwarden Directory Connector. For the role, select Project and then Owner. Ensure that JSON is the selected Key type. Upon clicking Create, a JSON file will be downloaded; this is important for later so keep a note of where you have downloaded it. {% image directory-connector/gsuite/create-service-account.png %}
- You should now see your newly created service account listed. Click on Manage service accounts (on the right-hand side). {% image directory-connector/gsuite/click-manage-service-accounts.png %}
- Select the options button next to your service account, and select Edit. {% image directory-connector/gsuite/edit-service-account.png %}
- Check the box "Enable G Suite Domain-wide Delegation", enter anything for "Product name for the consent screen" and click Save. {% callout info %}"Enable G Suite Domain-wide Delegation" is only required on some older G Suite accounts. Newer G Suite accounts will automatically have domain-wide delegation enabled for all service accounts. If you do not see the "Enable G Suite Domain-wide Delegation" checkbox option available for your service account, you can assume it is already enabled.{% endcallout %} {% image directory-connector/gsuite/tick-gsuite.png %}
- Click View Client ID and you'll see the Client ID on screen. You will need the Client ID to configure security within G Suite. Highlight the Client ID and copy it to your clipboard. {% image directory-connector/gsuite/view-client-id.png %} {% image directory-connector/gsuite/copy-client-id.png %}
Configure G Suite Security
- Go to https://admin.google.com
- Open the navigation menu and navigate to Security → Settings.
- Select the API reference option and make sure Enable API access is checked. {% image directory-connector/gsuite/enable-api-access.png %}
- Back in the list of options, select the Advanced settings options and then the Manage API client access link. {% image directory-connector/gsuite/manage-api-access.png %}
- For Client Name, paste the Client ID of the service account that you created in the previous steps. For API Scopes, paste the following values to grant read-only access to users and groups:
https://www.googleapis.com/auth/admin.directory.user.readonly,https://www.googleapis.com/auth/admin.directory.group.readonly,https://www.googleapis.com/auth/admin.directory.group.member.readonly
- Click the Authorize button to save. {% image directory-connector/gsuite/authorize-client.png %}
- You should now see your service account listed as an authorized client of G Suite. {% image directory-connector/gsuite/authorized-client-list.png %}
Configure Directory Connector
- Launch the Directory Connector desktop application.
- Go to the Settings tab.
- Select G Suite Directory as the directory type.
- Enter the Domain of your G Suite account.
- Enter the email address of an Admin User that has full access to the G Suite directory (such as your own).
- If you have one, enter the Customer Id of your directory (most users won't need to enter a Customer Id).
- Select the JSON Key File that was downloaded whenever you created your service account in the steps above. The Client Email and Private Key will be automatically extracted from this key file for you.
Congrats! You are done configuring G Suite with the Bitwarden Directory Connector.
Testing
Test your configuration by running a sync test. You should see your G Suite groups and/or users printed to the screen.