Skip to main content

Pre-Requisites

Install Requirements

note

This is specific to Self Hosted deployments. For Sath hosted connectors, these requirements are already in place.

  • You need to install Helm version 3 or above.
  • You can use Kubernetes cluster (1.26 or above) to install the connector

Connection Requirements

Below is needed to connect to Google Workspace

Domain URL

It is a core part of a website's URL (its Internet address) managed in Google Workspace. To get this, you need a working instance of Google Workspace source.

Admin User

This is a Service Account in Google Workspace and needs to have certain roles. To create new, follow below steps:

  • Go to Google Admin Console as Super User
  • Go to Users and Click Add New User.
  • Add First Name, Last Name and Primary Email and click Add New User

To Add Roles follow below steps:

  • Post User creation, Select the User from the User table
  • Click on Admin roles and Privileges section
  • Edit and assign required roles
    • To access Google Workspace User and Groups Management: User Management Admin Role and Group Admin Role.
    • To access Google Workspace Roles Management: Super Admin Role.

To Add License follow below steps:

  • Go to Billing > Subscriptions
  • Click Add or upgrade a subscription and choose atleast ‘Google Workspace Business Standard’ license or higher for using IDHub.
  • Post purchase, Go to Users and select the user email
  • Click on Licenses and click on Edit icon to open edit view.
  • Click on Radio button in Status column in licenses table of the user on the license desired and click Save
info

We pull Shared drive information from the Workspace Service Account. It is recommended that the account info provided not have any personal drive or files as that will get pulled as entitlements as well.

GCP Service Account

To get a GCP Service Account, GCP project setup with correct API configuration is needed. Follow below steps:

  • Google Project Configuration Ensure that you perform the following steps before generating a Private Key for Service Account:
    • Ensure that a GCP Organization is available.
    • Create a project in Google Cloud Platform Console (either a user with Super Admin or Project Creator privileges should create the project).
    • Select APIs & Services > Library in the left sidebar to enable the API for the following:
      • Admin SDK API (For Google Workspace Management)
      • Google Drive API (For Google Drive Permission Management)
  • Create Service Account and generate private key
    • Go to IAM & Admin > Service Accounts
    • Select + Create Service Account
    • Enter details (name, account ID, description) to Create account and Click Done
    • Store the system generated Client ID of the Service Account
    • Next is to add scopes to the service account to enable APIs
  • Add Scope to service account
    • Go to Google Admin Console as Super Admin User
    • Go to Security > API Controls
    • Select Manage Domain Wide Delegation
    • Select Add New and enter your service account Client ID You can find the ID (also known as the Unique ID) in the JSON file that you downloaded when you created the service account (For example: "client_id":"102996919678308170059") or in the Google Cloud Console (go to IAM & Admin > Service accounts > your service account)
    • In OAuth Scopes, enter the scopes as required. To add more than one scope, use a comma (,) as a separator (See Scope table below)
    • Select Authorize.
danger

If you get an error, the client ID might not be registered with Google or there might be duplicate or unsupported scopes. Retry with correct Client ID and the app should be available for use within minutes, but can take up to 24 hours.

ScopePurpose
https://www.googleapis.com/auth/admin.directory.groupGroup Provisioning
https://www.googleapis.com/auth/admin.directory.userUser Provisioning
https://www.googleapis.com/auth/driveDrive Provisioning
https://www.googleapis.com/auth/admin.directory.user.readonlyUser Reconciliation
https://www.googleapis.com/auth/admin.directory.group.readonlyGroup Reconciliation
https://www.googleapis.com/auth/admin.directory.drive.readonlyDrive Reconciliatio

Service account keys could pose a security risk if compromised. Delete and Create new keys for service account every month to mitigate this risk.

Private Key

To generate Private Key of the GCP service account, perform below steps:

  • Go to IAM & Admin > Service Accounts
  • In Filter table, select email address on the newly created service account
  • To generate private key , go to Keys tab, select Add Key > Create new key and then select the type ‘JSON
  • Select Create. This will download the key to your PC in JSON Format.
  • Click Close.

To convert Service Account Private Key to RSA Format

  • Open the JSON file for the service account and copy the private key value into the new file.
-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQClZ\n7rXSI1qFJh6fyVpSnDyiaSutOSHEYFq7A08e0fexmxC\nqGT7KWUOVXEJgcyezPheqqoRGT2dcS07s2mri\niy0an+F1G/KIWx7eI195SBAIK99vyN3wCtG/uqaex2gIE+dVcXJNFFDa\\nLSdtZKBmgzIjQT7Kh4KMMFXKoZ9G4hVwYmLYkN5AXhQK2GVibw4XB7eZlPoIJNVpxlsA0G8qDtROP8HZ+YQaC1ohZ\nuzorjsV0ptCf9FONypa26SU1jEbHbQeh4nLe33vlBA1q7+1CgHNLZ6U/iXFog0mkVE3XLFoAmcweOZcO5ScIplC5KtDB3\nO9mrh58N3xauPJe3JeM3bAgMBAAECggEAE3rY8rEfvnuNzaIbH4Bd4aKQ8OZq96FPKEQuoY3fU/7zEb1P+eh7zKlcC65BZqkQeI20Q8PrkWxFKH/OanPLz1+vhG0VfAJdtVjoSQhquO1giE2yI/tPiCf410K3+tDIr5NCHO/QFkFG7D/4cNJaE7slTV3oyx3Hgg2HE0WNKT7WBfDNEc4RLx9iaYHnSuflRrnPFArkQbuzJIMCvn8z9P3dPhElN5ri3nKymqWF5l0lsLx2ehSZuPesns1ZjFpaXRVGxqP1w4ORkl6VGxBhtF2qezjfn6OJy9e+7C74mAu1AgqZpOsnHoi8rfKVBqJC5tfrmUKzqLsCbl980e9GMQKBgQDoc/9FtuRe+E7oZvm55/4bWagd5UYCd9jVL7U5npVGCpdNBYMFNdfcOeCKEi9lMFfPaXfzxYewWXZIIXhxWyzALBuV2+lQTqfE2cKhH1BmdOgEcFAMD0k/IBPJvlt69z26Ufh5xlpl8u77WUfX0D0NiVhVD4PwfpgEagdK6KQ+0wKBgQC2K\\nQmriY7dZxl7/mGi1IjcSFSiJJ6cWAfLbnXhPTLAPsbbi/sUjGrBZlvjUSh7gZwspHCxc83sz3PU4zf2DEhprag5j\nnPd1eL/vDQwZsSNMmY04PEco9LEDb25yKArSweVQFdCot5pXEsoEgkg/XKNSfUUqoBRYi/9zLrwREwf2QKBgQCC2ils+RN9UpI4yR7yw+GLS+ETUykh4o0xFPYTRW4KS5P4S44BtNmaown/L1V2xMvpeh\nmIJD3Jy9KFsDG4vfZnB21P4sdn6Z8PdPXW9WWxB0ZEmWS2JTS6UDhTbNDaW6tn4xTYmAvzL9nPq+aBWjvEDvimiWFgVCMG+Ri51lP++QKBgG/xykqLr6tqV6P2kWPyvuS44qH+ZSbphmjDSlgQNucj7Ssw\n3C0lmdmeoOuSjZFQ9nwM1mCHLU7Rsnpq5JIlvD6NhOtSGuyCLA1DSMNR9IpdJahrcGFMYBMx6p2IqL3STyeusbF2y73uBRXr94Y5mzMu9xkrKs5Yy+tp7JwJLMsJAoGAQSoQjWWVQ53q6qZYf3f1aprXIE034vC7BJRcpu\nCMyeBahMjfe8ZV4IVBEccOCIdKPJDKrxSagCb0QgH1q5MoyLz0O1A\n5h+9wdGE5a11LXH9qSSpHMZFpCpVITDBmhiEM2bBMDftnE/nv3aUnhIQMJ2JZstK2nrg0uEfcBwyRc4g=\n-----END PRIVATE KEY-----\n
  • Replace all \n from the private key with an actual new line. In private key syntax, \n denotes a new line. The can be done in most text editors.
    • For example, in Notepad++, perform a replace all where you replace \\n with \n.
    • Example: Converted Key
  -----BEGIN PRIVATE KEY-----MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQClZ7rXSI1qFJh6fyVpSnDyiaSutOSHEYFq7A08e0fexmxCqGT7KWUOVXEJgcyezPheqqoRGT2dcS07s2mriiy0an+F1G/KIWx7eI195SBAIK99vyN3wCtG/uqaex2gIE+dVcXJNFFDaLSdtZKBmgzIjQT7Kh4KMMFXKoZ9G4hVwYmLYkN5AXhQK2GVibw4XB7eZlPoIJNVpxlsA0G8qDtROP8HZ+YQaC1ohZuzorjsV0ptCf9FONypa26SU1jEbHbQeh4nLe33vlBA1q7+1CgHNLZ6U/iXFog0mkVE3XLFoAmcweOZcO5ScIplC5KtDB3O9mrh58N3xauPJe3JeM3bAgMBAAECggEAE3rY8rEfvnuNzaIbH4Bd4aKQ8OZq96FPKEQuoY3fU/7zEb1P+eh7zKlcC65BZqkQeI20Q8PrkWxFKH/OanPLz1+vhG0VfAJdtVjoSQhquO1giE2yI/tPiCf410K3+tDIr5NCHO/QFkFG7D/4cNJaE7slTV3oyx3Hgg2HE0WNKT7WBfDNEc4RLx9iaYHnSuflRrnPFArkQbuzJIMCvn8z9P3dPhElN5ri3nKymqWF5l0lsLx2ehSZuPesns1ZjFpaXRVGxqP1w4ORkl6VGxBhtF2qezjfn6OJy9e+7C74mAu1AgqZpOsnHoi8rfKVBqJC5tfrmUKzqLsCbl980e9GMQKBgQDoc/9FtuRe+E7oZvm55/4bWagd5UYCd9jVL7U5npVGCpdNBYMFNdfcOeCKEi9lMFfPaXfzxYewWXZIIXhxWyzALBuV2+lQTqfE2cKhH1BmdOgEcFAMD0k/IBPJvlt69z26Ufh5xlpl8u77WUfX0D0NiVhVD4PwfpgEagdK6KQ+0wKBgQC2KQmriY7dZxl7/mGi1IjcSFSiJJ6cWAfLbnXhPTLAPsbbi/sUjGrBZlvjUSh7gZwspHCxc83sz3PU4zf2DEhprag5jnPd1eL/vDQwZsSNMmY04PEco9LEDb25yKArSweVQFdCot5pXEsoEgkg/XKNSfUUqoBRYi/9zLrwREwf2QKBgQCC2ils+RN9UpI4yR7yw+GLS+ETUykh4o0xFPYTRW4KS5P4S44BtNmaown/L1V2xMvpehmIJD3Jy9KFsDG4vfZnB21P4sdn6Z8PdPXW9WWxB0ZEmWS2JTS6UDhTbNDaW6tn4xTYmAvzL9nPq+aBWjvEDvimiWFgVCMG+Ri51lP++QKBgG/xykqLr6tqV6P2kWPyvuS44qH+ZSbphmjDSlgQNucj7Ssw3C0lmdmeoOuSjZFQ9nwM1mCHLU7Rsnpq5JIlvD6NhOtSGuyCLA1DSMNR9IpdJahrcGFMYBMx6p2IqL3STyeusbF2y73uBRXr94Y5mzMu9xkrKs5Yy+tp7JwJLMsJAoGAQSoQjWWVQ53q6qZYf3f1aprXIE034vC7BJRcpuCMyeBahMjfe8ZV4IVBEccOCIdKPJDKrxSagCb0QgH1q5MoyLz0O1A5h+9wdGE5a11LXH9qSSpHMZFpCpVITDBmhiEM2bBMDftnE/nv3aUnhIQMJ2JZstK2nrg0uEfcBwyRc4g=-----END PRIVATE KEY-----
  • Save the converted private key in a new file.

Google Reference Docs

For more information about the above-listed prerequisites, refer to the following links: