# Google Group

{% hint style="info" %}
This is an older version of the document. To view the most recent version of the document, click [here](https://docs.opsmx.com/products/orchestration-module-opsmx-enterprise-for-spinnaker-oes/additional-feature-configuration/secure-spinnaker/authorization/user-role-providers/google-group).
{% endhint %}

## Steps to Setup Google Groups via G Suite <a href="#steps-to-setup-google-groups-via-g-suite" id="steps-to-setup-google-groups-via-g-suite"></a>

### Overview <a href="#overview" id="overview"></a>

* Google Groups make it easy for your users to communicate with people they contact often. As the G Suite administrator, you can create and manage groups in the Google Admin console. You can also use Groups for Business for added features.

### Service Account Setup <a href="#service-account-setup" id="service-account-setup"></a>

* To access user group membership, ensure to use Google Admin Directory API. In this document, we will setup a Google Cloud Platform (GCP) service account and grant access to the Directory API.

**Note**: Before starting up the Service Account Setup, it’s mandatory to have JSON created. Incase if JSON is not created, follow the below steps to create the same

a. Login to GCP Console, navigate to IAM & Admin -> Service Accounts

b. Click on Create Service Account, to create a new account.

c. Give a name for service account as per the requirement. (E.g. spinnaker-account)

d. Click on ‘new private key’ and select the format to be JSON.

e. Ensure to ‘Enable G Suite Domain-wide Delegation’ and click create JSON, which allows to download JSON.

f. Transfer the JSON to any known location in Spinnaker deployment.

g. Now, the newly created Service Account will be listed, along with the ‘DwD’. Click on ‘View Client ID’ to make a note of all the Client details, which will be useful in the next section.

* Provide service account access to the G Suite Directory API in the G Suite Admin console, by executing the below steps
  1. Login to GCP Console, navigate to ‘Security’ Settings page
  2. Under ‘Advanced Settings’, click on ‘Manage API client access’
  3. Now, provide the ‘Client ID’ noted in the above #7, under ‘Client Name’.
  4. Provide the following as API Scope ‘<https://www.googleapis.com/auth/admin.directory.group.readonly>’
  5. Click on Authorize to complete the process.

### Configure Google Groups with Spinnaker <a href="#configure-google-groups-with-spinnaker" id="configure-google-groups-with-spinnaker"></a>

**Note**: Ensure to have all the roles configured to the accounts, as described here.

* Execute the below commands, with all the account details handy. Use halyard to configure Fiat

  ```
  ADMIN=<admin-EMAIL-ID> # An administrator's email address

  CREDENTIALS=<JSON Path> # The downloaded service account credentials
  DOMAIN=<FQDN> # Your organization's domain.

  hal config security authz google edit \
  --admin-username $ADMIN \
  --credential-path $CREDENTIALS \
  --domain $DOMAIN

  hal config security authz edit --type google

  hal config security authz enable
  ```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.opsmx.com/opsmx-context-graph-and-data-fabric/additional-resources/previous-releases/isd-3.10/orchestration-module-opsmx-enterprise-for-spinnaker-oes/additional-feature-configuration/secure-spinnaker/authorization/user-role-providers/google-group.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.