The CanIPhish Google Workspace Integration enables you to synchronise your Google Workspace groups and users to your CanIPhish account. When an employee is added to a Google Workspace group, that employee will automatically be synchronised to the relevant CanIPhish employee listing every 24 hours.
Important Note: This guide should only be followed if you've set up white-labeling. If you haven't, please follow this setup guide. Additionally, please ensure you're accessing CanIPhish through your white-labelled domain (there is server-side logic which determines which directory sync integration to present, based on the domain in-use).
Table of contents:
- Prerequisite
- Step 1. Create A Google Service Account
- Step 2. Associate The Service Account With Google Workspace
- Step 3. Configure Directory Synchronisation In CanIPhish
- Appendix: Setup A Directory Synced Employee List
Prerequisite
You need a Google Cloud Project to create a Google Service Account. If you already have a Google Cloud Project that can be used, you can go straight to Step 1.
P.1. Open the Google Cloud Resource Manager
P.2. Click Create Project
P.3. Enter a Project Name and then click Create
Note: It may take a few minutes for the new project to create, once ready it should appear on the resource manager page.
P.4. You now need to enable the Admin SDK API on the newly created project.To do this, go to APIs and Services > Enable APIs and Services > Enable APIs and Services (at the top of the page). Then enter "Admin SDK API" into the search field and select Admin SDK API from the search results. Click Enable to activate the API.
Step 1. Create A Google Service Account
1.1. While logged into your Google Cloud Project,Go to IAM and Admin > Service Accounts.
1.2. Click the Create Service Account button at the top of the page.
1.3. Enter a unique name that clearly distinguishes the service accounts purpose (e.g. caniphish-directory-connector). Then click 'CREATE AND CONTINUE':
1.4. No role is required for the Service Account, once created, simply click 'DONE'.
1.5. Click into the newly created Service Account and copy or make a note of the Email and Unique ID. We'll need this later.
1.6. While still looking at the Service Account, click the 'KEYS' tab and click ADD KEY > Create new key:
1.7 Select JSON for the 'Key type' and then click CREATE. The newly created key should automatically download once created:
Step 2. Associate The Service Account With Google Workspace
2.1. Open the Google Admin Console.
2.2. Go to Security > Access and data control > API Controls:
2.3. Click on "MANAGE DOMAIN WIDE DELEGATION" at the bottom of the page:
2.4.Click the "Add new" button next to the API clients field:
2.5. In the Client ID field, enter the Service Accounts Unique ID copied earlier (In Step 1.5).
2.6. In the OAuth scopes field, enter the following oAuth Scope and then click AUTHORIZE:
https://www.googleapis.com/auth/admin.directory.user.readonly
https://www.googleapis.com/auth/admin.directory.group.readonly
https://www.googleapis.com/auth/admin.directory.group.member.readonly
2.7. On the side-menu, go to Account > Admin roles:
2.8. Click on the "Groups Admin" Role:
2.9. Click on "Assign Role":
2.10. Click on "Assign service accounts":
2.11. Paste in the Service Accounts Email Address copied in Step 1.5., then click ADD followed by ASSIGN ROLE:
2.12. On the side-menu, go to Account > Account settings:
2.13. Make a note of your "Customer ID". We'll need this in Step 3:
Step 3. Configure Directory Synchronisation In CanIPhish
3.1. Login to your CanIPhish account and traverse to the Employees page.
3.2. Click on the Directory Sync button:
3.3. Click on the "Google Workspace" radio button:
3.4. Provide a unique name for the directory (e.g. Google-Connector). upload the JSON credentials file that was downloaded during Step 1.7, and then paste the Google Workspace Customer ID copied in Step 2.13. Then click the Save button:
3.5. The newly created Integration should now appear in the Directory table. You're all done!
Appendix: Setup A Directory Synced Employee List
1. To setup your a directory synced employee list, go to the Employees page and click the New Employee List button.
2. Specify an Employee List Name
3. Click on Import From Directory
4. Select the Directory you'd like to sync (It may take up to 30 seconds for the Directory Groups to load).
5. Select one or more Groups for CanIPhish to sync.
6. Click Sync Directory Employees.
7. Click Save.
Comments
0 comments
Please sign in to leave a comment.