Video showing google external system
Configure credential
- Sign up for GCP
- Go to IAM & Admin → Groups
- It will say "This feature requires an organization" and at the bottom of the screen, click the button "GO TO THE CHECKLIST"
- Follow the instructions to set up cloud identity, verify your domain.
- In the project, allow admin SDK by selecting the project from the drop down. Click on APIs and Services. Click on Enable APIs and Services. Search for and select Admin SDK API. Click Enable.
- Go back to https://console.cloud.google.com/ IAM & Admin.
- Under IAM → Permissions, add a new Principal with role Owner.
- On the left, click on Service Accounts. Create a new service account with role owner. Under the newly created service account, create a new key.
- Domain-wide Delegation.
- Go to: http://admin.google.com/.
- Security → Access and Data Control → API controls.
- Click: Manage Domain Wide Delegation
- Add new
- Use the client ID from the Service Account Detail "Unique ID"
Use these scopes
https://www.googleapis.com/auth/admin.directory.user, https://www.googleapis.com/auth/admin.directory.group, https://www.googleapis.com/auth/admin.directory.group.member, https://www.googleapis.com/auth/apps.groups.settings
- The user "impersonated as" (main admin user) needs to be an admin
- Enable the group settings API for your project:
- https://console.cloud.google.com/
- APIs and Services → Enabled APIs and Services
- Click: Enable APIs and Services
- Search for Group Settings API, click on it
- Click: Enable
Configure external system
Test the external system
