Google Cloud Identity
About Google Cloud Identity
Google Cloud Identity is a unified identity and endpoint management platform that is integrated into Google Workspace.
Why You Should Integrate Google Cloud Identity
This integration is the only way to gain insight into systems that are accessing Google resources or that are synced into Google’s directory from Active Directory.
The Data We Collect and How We Use It
The table below lists the fields we collect from Google Cloud Identity and how they map to the fields in our Sevco platform. This data is only used internally; we do not share it with any parties outside of Sevco. Refer to our privacy policy for details.
Google Cloud Identity Field | Sevco Field |
---|---|
name | id |
osVersion | OS |
lastSyncTime | last_activity_time |
imei | imei |
serialNumber | serial_number |
wifiMacAddresses | mac_addresses |
assetTag | additonal_fields.asset_tag (this field is currently not searchable) |
Integrate Google Cloud Identity
- Add a source: Follow our instructions to add a Sevco source.
- Provide credentials: You'll be asked to provide source credentials that Sevco will use to connect to Google Cloud Identity:
Credential, Parameter, or Permission | Where You Can Find This Value |
---|---|
Credential: service_account_json. Description: The contents of the service account's JSON key file. | This information is available in the Google Cloud Console's IAM & Admin → Service Accounts section. Instructions below. Refer to Google instructions for working with service accounts for details. |
Permission scope: https://www.googleapis.com/auth/cloud-identity.devices.readonly. Description: The service account must have permission to this scope. | This setting is available in the G Suite Admin Panel's Manage API Client Access section under the Client Name ID specified for your service account. The scope is specified in the One or More API Scopes section. Instructions below. |
Credential: admin_email. Description: This account is your Cloud Identity administrator account. | The email address of the Google Workspace Admin who granted account permissions in step 6 of the instructions below. |
Get the Required Credentials From Google Cloud Identity
Step 1. Enable Cloud APIs in the Google Cloud Console
- Select the project that you want Sevco to connect to.
- Go to APIs & Services → Dashboard.
- Verify that the Cloud Identity API is listed. It is required to fetch Cloud Identity devices. If it does not appear in the list, click Enable APIs and Services at the top of the screen, search for Cloud Identity APIs, and click Enable.
Step 2. Create a Service Account and Grant Permissions
- In the Google Cloud Console IAM & Admin → Service Accounts section, click Create Service Account. Provide Name and Description, then click Create and Continue.
- In the next tab, continue without setting any roles, then click Create Key and create a JSON type key. Your JSON key will be downloaded.
- Finish creating the user and go back to the service accounts screen. You can now view the client-id for the service account. Copy it.
- Open the G Suite Admin Panel and navigate to Security → API Controls, then click Manage Domain Wide Delegation, and Add Client.
- In the Client Name field, specify the client ID of your service account.
- In the One or More API Scopes section, specify this scope:
https://www.googleapis.com/auth/cloud-identity.devices.readonly
If you encounter any errors, they are most likely related to incorrect credentials or insufficient permissions. Verify all your work in this section.
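A preflight check for the three values collected above, as an added example that is not Sevco's or Google's code: it validates the key file, the admin email and the delegated scopes offline, and shows the claim set that Google's service-account token flow uses for domain-wide delegation. The function names, `SAMPLE_KEY` and its values are constructed for illustration.

```python
import json
import time

# Scope named on this page: read-only access to Cloud Identity devices.
REQUIRED_SCOPE = "https://www.googleapis.com/auth/cloud-identity.devices.readonly"
# Fields a Google service account JSON key file carries.
KEY_FIELDS = ("type", "client_id", "client_email", "private_key", "token_uri")

# Constructed sample key (not a real credential), used only to exercise the checks.
SAMPLE_KEY = {
    "type": "service_account",
    "client_id": "100000000000000000000",
    "client_email": "inventory-reader@example-project.iam.gserviceaccount.com",
    "private_key": "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n",
    "token_uri": "https://oauth2.googleapis.com/token",
}


def preflight(service_account_json, admin_email, scopes):
    """Return a list of problems with the three values; an empty list means OK."""
    try:
        key = json.loads(service_account_json)
    except ValueError:
        return ["service_account_json is not valid JSON; paste the whole key file"]
    if not isinstance(key, dict):
        return ["service_account_json must be a JSON object"]
    problems = [f"key file is missing '{f}'" for f in KEY_FIELDS if not key.get(f)]
    if key.get("type") and key["type"] != "service_account":
        problems.append("key 'type' is not 'service_account'")
    pem = key.get("private_key")
    if pem and "BEGIN PRIVATE KEY" not in str(pem):
        problems.append("private_key is not a PEM private key")
    if admin_email.count("@") != 1 or admin_email == key.get("client_email"):
        problems.append("admin_email must be a Workspace admin, not the service account")
    if REQUIRED_SCOPE not in scopes:
        problems.append("required read-only scope is not delegated")
    extra = sorted(s for s in scopes if s != REQUIRED_SCOPE)
    if extra:
        problems.append("scopes beyond the one required: " + ", ".join(extra))
    return problems


def delegation_claims(key, admin_email, now=None):
    """Claim set for the token request: the service account (iss) acts as the admin (sub)."""
    now = int(time.time()) if now is None else now
    return {"iss": key["client_email"], "sub": admin_email, "scope": REQUIRED_SCOPE,
            "aud": key["token_uri"], "iat": now, "exp": now + 3600}
```

The `client_id` in the key file is the value entered in the Client Name field, and `sub` is why `admin_email` must be a real Workspace admin rather than the service account's own address.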
Contact Us
If you're having problems integrating a source, or if you've found something wrong in this document, please email us at [email protected].
Updated 7 months ago