Configure Google Workspace API authorization for user provisioning (Modern View)

Target

Customers who perform synchronization of user provisioning from HENNGE Access Control to Google Workspace are the target audience.

Purpose

Enable user provisioning functionality from HENNGE Access Control to Google Workspace.

Notes

1. After this operation, user information editing (creation, modification, deletion) will be performed in HENNGE Access Control.

2. After this operation, user changes (creation, modification, deletion) made in HENNGE Access Control will be synchronized to Google Workspace.

3. Changes made in Google Workspace will not be synchronized to HENNGE Access Control.

4. If it is necessary to add a user created in Google Workspace to a Google Group using this feature, it needs to be done separately from Google Workspace.

5. Actual screen verification and configuration changes require administrator privileges in HENNGE Access Control.

6. Refer to the following article for how to access the admin console:

Accessing HENNGE Access Control admin console

7. The information of the privileged administrator account of the Google Workspace tenant is required.

8. The content of this article is based on product specifications as of October 2023 and may be subject to change without notice thereafter.

Detailed Steps and Explanations

API settings in HENNGE Access Control Modern View are configured in the HENNGE Access Control management screen's left menu [System Settings] - [Domain Settings].

1. Google Workspace API Settings

1.1. Access the [Google Admin Console] with the Google Workspace privileged administrator account.

1.2. Access [Access and Data Management] → [Security] → [API Controls] → [Delegation for the entire domain].

1.3. Click [Add new] on the [Delegation for the entire domain] screen.

1.4. Enter the information from the document HENNGE One Connection Setup Sheet provided by HENNGE for the
[Registration of the first new API client], and click [Authorize].

Example of configuration strings (values vary for each customer)

- Enter "Client Name" in [Client ID].

000000000000-0aa0aaaaaaaaaaa00a0aaaaaaaaaa0aa.apps.googleusercontent.com

- Enter "One or more API scopes" in [OAuth Scopes (comma-separated)].

https://www.googleapis.com/auth/admin.directory.user

1.5. Click [Add new] again on the [Delegation for the entire domain] screen.

1.6. Enter the information from the document HENNGE One Connection Setup Sheet provided by HENNGE for the
[Registration of the second new API client], and click [Authorize].

Example of configuration strings (values vary for each customer)

- Enter "Client Name" in [Client ID].

000000000000.apps.googleusercontent.com

- Enter "One or more API scopes" in [OAuth Scopes (comma-separated)].

https://mail.google.com/

1.7. Confirm that the information of the added API client is displayed on the screen.

2. HENNGE Access Control Provisioning Settings

2.1. Access the HENNGE Access Control management screen.

login.png

2.2. Click [System] → [Domain Settings] → [Google Provisioning].

provisioning.png

2.3. Enter the settings and select [Change].

2.3.1. [Account Provisioning]: "Enable" ※ Enable the toggle.

2.3.2. [Password Provisioning]: "Disable" ※ Disable the toggle.

2.3.3. [Google Workspace Administrator User]: Email address of the account that owns Google Workspace privileged administrator rights.

※ By enabling [Password Provisioning], you can synchronize the password in HENNGE Access Control to Google Workspace. However, there are precautions to be aware of during this setting, so please consult with the HENNGE One implementation personnel in advance.
※ The account set in [Google Workspace Administrator User] should be an account that will not be deleted in the future.

          
Was this article helpful?