sendnrw/netbird-docs
2
0
Fork 0
mirror of https://github.com/netbirdio/docs.git synced 2026-04-19 08:56:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

Move IdP Sync to a separate page (#215)

Browse Source
This commit is contained in:
Misha Bragin
2024-08-13 11:12:49 +02:00
committed by GitHub
parent d955b3d928
commit 474f0eca2f
32 changed files with 433 additions and 216 deletions
Download Patch File Download Diff File Expand all files Collapse all files

83
src/pages/how-to/google-workspace-sync.mdx Normal file
View File

@@ -0,0 +1,83 @@
# Provision Users and Groups From Google Workspace
[Google Workspace Identity](https://cloud.google.com/architecture/identity/overview-google-authentication)
is the system within Google Workspace that manages user authentication and access,
ensuring secure login and integration with other identity providers for Single Sign-On (SSO) and multi-factor authentication.
NetBird's Google Workspace integration allows you to synchronize users and groups from Google Workspace to NetBird and
automate network access management. With this integration, any changes to users and groups in Google Workspace are mirrored in NetBird,
granting new employees network access while immediately revoking access for former employees.
## Get Started with NetBird-Google Workspace Integration
To begin, go to [Integrations](https://app.netbird.io/integrations) from the left-hand menu, which will direct you to the `Identity Provider` section.
Select the `Google Workspace` option. A pop-up window will appear, launching an intuitive wizard that will lead you through the steps to synchronize
NetBird with Google Workspace.
![NetBird Get Started IdP](/docs-static/img/how-to-guides/microsoft-entra-id-sync/FkdC8BV.png)
## Prerequisites
Before you start creating and configuring an Google Workspace application, ensure that you have the following:
- User account with admin permissions: You must have an Google Workspace user account with the admin permissions to create and manage Google Workspace applications. If you don't have the required permissions, ask your workspace administrator to grant them to you.
- Create new `NetBird` project in Google cloud console https://console.cloud.google.com.
- Enable `Admin SDK API` for `Netbird` project at https://console.cloud.google.com/apis/library/admin.googleapis.com.
## Create a Service Account
- Navigate to [API Credentials](https://console.cloud.google.com/apis/credentials) page
- Click `CREATE CREDENTIALS` at the top and select `Service account`
- Fill in the form with the following values and click `CREATE`
- Service account name: `NetBird`
- Service account ID: `netbird`
- Click `DONE`
<p>
<img src="/docs-static/img/how-to-guides/google-service-account-create.png" alt="service-account-create" className="imagewrapper-big"/>
</p>
## Create Service Account Keys
- Navigate to [API Credentials](https://console.cloud.google.com/apis/credentials) page
- Under `Service Accounts` click the `NetBird` to edit the service account
<p>
<img src="/docs-static/img/how-to-guides/google-edit-service-account.png" alt="edit-service-account" className="imagewrapper-big"/>
</p>
- Take note of service account email address, you will use it in next steps
- Click the `Keys` tab
- Click the `Add key` drop-down menu, then select `Create new key`
- Select `JSON` as the Key type and click `Create`
>When you create a service account key by using the Google Cloud console, most browsers immediately download the new key and save it in a download folder on your computer.
Read how to manage and secure your service keys [here](https://cloud.google.com/iam/docs/best-practices-for-managing-service-account-keys#temp-locations)
## Grant a User Management Admin Role to a Service Account
- Navigate to [Admin Console](https://admin.google.com/ac/home) page
- Select `Account` on the left menu and then click `Admin Roles`
- Click `Create new role`
- Fill in the form with the following values and click `CREATE`
- name: `User and Group Management ReadOnly`
- description: `User and Group Management ReadOnly`
- Click `CONTINUE`
<p>
<img src="/docs-static/img/how-to-guides/google-new-admin-role.png" alt="new-admin-role" className="imagewrapper-big"/>
</p>
- Scroll down to `Admin API privileges` and add the following privileges
- Users: `Read`
- Groups: `Read`
<p>
<img src="/docs-static/img/how-to-guides/google-privileges-review.png" alt="privileges-review" className="imagewrapper-big"/>
</p>
- Verify preview of assigned Admin API privileges to ensure that everything is properly configured, and then click `CREATE ROLE`
- Click `Assign service accounts`, add service account email address and then click `ADD`
<p>
<img src="/docs-static/img/how-to-guides/google-assign-service-account.png" alt="assign-service-account" className="imagewrapper-big"/>
</p>
- Click `ASSIGN ROLE` to assign service account to `User and Group Management ReadOnly` admin role
<p>
<img src="/docs-static/img/how-to-guides/google-service-account-privileges.png" alt="service-account-privileges" className="imagewrapper-big"/>
</p>
- Navigate to [Account Settings](https://admin.google.com/ac/accountsettings/profile?hl=en_US) page and take note of `Customer ID`