This is an older version of the document. To view the most recent version of the document, click here.
- Google Groups make it easy for your users to communicate with people they contact often. As the G Suite administrator, you can create and manage groups in the Google Admin console. You can also use Groups for Business for added features.
- To access user group membership, ensure to use Google Admin Directory API. In this document, we will setup a Google Cloud Platform (GCP) service account and grant access to the Directory API.
Note: Before starting up the Service Account Setup, it’s mandatory to have JSON created. Incase if JSON is not created, follow the below steps to create the same
a. Login to GCP Console, navigate to IAM & Admin -> Service Accounts
b. Click on Create Service Account, to create a new account.
c. Give a name for service account as per the requirement. (E.g. spinnaker-account)
d. Click on ‘new private key’ and select the format to be JSON.
e. Ensure to ‘Enable G Suite Domain-wide Delegation’ and click create JSON, which allows to download JSON.
f. Transfer the JSON to any known location in Spinnaker deployment.
g. Now, the newly created Service Account will be listed, along with the ‘DwD’. Click on ‘View Client ID’ to make a note of all the Client details, which will be useful in the next section.
- Provide service account access to the G Suite Directory API in the G Suite Admin console, by executing the below steps
- 1.Login to GCP Console, navigate to ‘Security’ Settings page
- 2.Under ‘Advanced Settings’, click on ‘Manage API client access’
- 3.Now, provide the ‘Client ID’ noted in the above #7, under ‘Client Name’.
- 5.Click on Authorize to complete the process.
Note: Ensure to have all the roles configured to the accounts, as described here.
- Execute the below commands, with all the account details handy. Use halyard to configure FiatADMIN=<admin-EMAIL-ID> # An administrator's email addressCREDENTIALS=<JSON Path> # The downloaded service account credentialsDOMAIN=<FQDN> # Your organization's domain.hal config security authz google edit \--admin-username $ADMIN \--credential-path $CREDENTIALS \--domain $DOMAINhal config security authz edit --type googlehal config security authz enable