Google Cloud Identity is a unified identity and endpoint management platform that is integrated into Google Workspace.
This integration is the only way to gain provide insight into systems that are accessing Google resources or that are synched into Google’s directory from Active Directory.
|Google Cloud Identity Field||Sevco Field|
Add a source: Follow our instructions to add a Sevco source.
Provide credentials: You'll be asked to provide source credentials that Sevco will use to connect to Google Cloud Identity:
|Credential, Parameter, or Permission||Where You Can Find This Value|
The contents of the service account's JSON key file.
|This information is available in the Google Cloud Console's IAM & Admin → Service Accounts section. Instructions below.|
Refer to Google instructions for working with service accounts for details.
The service account must have permission to this scope.
|This setting is available in the G Suite Admin Panel's Manage API Client Access section under the Client Name ID specified for your service account.|
The scope is specified in the One or More API Scopes section. Instructions below.
This account is your Cloud Identity administrator account.
|The email address of the Google Workspace Admin who granted account permissions in step 6 of the instructions below.|
Step 1. Enable Cloud APIs in the Google Cloud Console
Select the project that you want Sevco to connect to.
Go to APIs & Services → Dashboard.
Verify that the Cloud Identity API API is listed. It is required to fetch Cloud Identity devices.
If it does not appear in the list, click Enable APIs and Services at the top of the screen, search for Admin SDK, and click Enable.
- In the Google Cloud Console IAM & Admin → Service Accounts section, click Create Service Account. Provide Name and Description, then click Create and Continue.
- In the next tab, continue without setting any roles; continue to click Create Key and create a JSON type key. Your JSON key will be downloaded.
- Finish creating the user and go back to the service accounts screen. You can now view the client-id for the service account. Copy it.
- Open the G Suite Admin Panel and navigate to Security → API Controls, then click Manage Domain Wide Delegation, and Add Client.
- In the Client Name field, specify the client ID of your service account.
- In the One or More API Scopes section, specify this scope:
If you encounter any errors, they are most likely related to incorrect credentials or insufficient permissions. Verify all your work in this section.
If you're having problems integrating a source, or if you've found something wrong in this document, please email us at [email protected].
Updated about 1 month ago
Configure another source: