To use the Google Workspace user directory from COYO via the API console from Google, the following needs to be in place:
- The admin SDK must be activated.
- A service account must be created,
- with domain-wide authority delegation.
- The login data must be exported as a "service-account.json" file.
- In the Google admin interface:
- There must be a user with full access to users and groups, who acts as a "service account user".
- The client (client ID) who belongs to the service account must be added under
"Security > API management > Domain-wide delegation" with the following scope of application:
Within COYO, the configuration is very similar to the LDAP protocol. Under Administration, select the tab "User directories" and select the type "Google Workspace".
The attribute for user identification is entered on the "User" tab. We recommend using the "primaryEmail" here.
The rest of the configuration works exactly the same as you know from configuring a user synchronization, e.g. via the LDAP protocol.