[Access Control] Setup Procedures List (Google Workspace)

Include

• Customers implementing Access Control
• Customers using Google Workspace as their groupware

Purpose

• This article explains how to configure single sign-on (SSO) between Google Workspace and Access Control to enable access control.

Notes

1. Please check the required items according to your services and use cases.
2. The content of this article is based on the product as of January 2026 and is subject to change without notice.

Table of Contents

Preparation

1. Device Information Collection
2. Access Control Operation Policy Review
3. Access Control Operation Policy Configuration

User Synchronization from Active Directory to Google Workspace / Access Control

1. Organize Users in Active Directory
2. Install Google Cloud Directory Sync and Start User Synchronization
3. Install HDEPasswordFilter on All Domain Controllers (WS 2016 and later)
4. Install HENNGE Directory Sync Tool
5. Install Root Certificate for HENNGE Directory Sync Tool Operation
6. Create API Client for HENNGE Directory Sync Tool Execution
7. Initial Placement of HENNGE Directory Sync Tool Configuration File (config)
8. Execute Assign-HDEOnePasswrdSyncGroup
9. Set Passwords for Users to be Synchronized
10. Confirm Password Settings for Users to be Synchronized
11. Run Directory Sync Tool

Settings to Synchronize User Information from Access Control to Google Workspace

1. API Authorization Settings for User Provisioning
2. User Batch Registration / Update / Delete

Settings Required on the End User Side to Use Access Control Access Control

1. Install Secure Browser and Device Authentication
2. Configure OTP (One-Time Password) Receipt via Application
3. Configure OTP (One-Time Password) Receipt via Email
4. Issue Device Certificate
5. Install Device Certificate
6. Check Device Certificate Installation Status
7. Install Application to Read Device Certificate

Access Control Access Policy Configuration

1. Assign Access Policy Groups to Users
2. Test Access Policy Group Operation
3. Assign Browser Policy Groups to Users

Connect Access Control and Google Workspace

1. Configure Single Sign-On (SSO) Connection between Access Control and Google Workspace
2. Verify Single Sign-On (SSO) Connection between Access Control and Google Workspace
3. Configure Single Sign-On (SSO) Connection between Access Control and Chromebook
4. Verify Single Sign-On (SSO) Connection between Access Control and Chromebook
5. Disconnect Google Workspace Authentication
6. Connect to Services Using Single Sign-On (SSO)
7. User Provisioning for Services Using Single Sign-On (SSO)

Procedure

Preparation

1. Device Certificate Device Information Collection
   * If you are using Device Certificates, please complete this step.
   Device information for the target device is required to issue a Device Certificate.
   Please select and collect information on the target devices in advance.
2. Access Control Operation Policy Review
   Review the operation policy for Access Control (access control rules, items displayed on the login screen, etc.).
3. Access Control Operation Policy Configuration
   Reflect the reviewed Access Control operation policy in the actual product settings.
   • Appearance
   • Password Related Settings
   • Secure Browser Related Settings
   • Device Certificate Settings
   • Other Settings

User Synchronization from Active Directory to Google Workspace / Access Control

If you want to synchronize users from Active Directory to Access Control, please complete this section.

1. Organize Users in Active Directory
2. Install Google Cloud Directory Sync and Start User Synchronization (External Link)
   For details, please contact Google or your Google Workspace reseller.
3. Install HDEPasswordFilter on All Domain Controllers (WS 2016 and later)
4. Install HENNGE Directory Sync Tool
5. Install Root Certificate for HENNGE Directory Sync Tool Operation
6. Create API Client for HENNGE Directory Sync Tool Execution
7. Place HENNGE Directory Sync Tool Configuration File (config)
8. Execute Assign-HDEOnePasswrdSyncGroup
9. Set Passwords for Users to be Synchronized
   Change the password for all users to be synchronized once.
10. Confirm Password Settings for Users to be Synchronized
11. Run Directory Sync Tool

Settings to Synchronize User Information from Access Control to Google Workspace

If you want to synchronize users from Access Control to Google Workspace, please complete this section.

1. API Authorization Settings for User Provisioning
2. User Batch Registration / Update / Delete
   • User Batch Registration
   • User Batch Update
   • User Batch Delete

Settings Required on the End User Side to Use Access Control Access Control

1. Install Secure Browser
   * This step is for customers using Secure Browser.
2. Configure OTP (One-Time Password) Receipt via Application
   * This step is for customers using OTP.
3. Configure OTP (One-Time Password) Receipt via Email
   * This step is for customers using OTP.
4. Issue Device Certificate
   * This step is for customers using Device Certificates.
5. Install Device Certificate
   * This step is for customers using Device Certificates.
   * If you are using a Chromebook, please complete the following step in advance.
   Device Certificate [For Chromebook] Cybertrust DeviceiD Importer Registration Method
6. Check Device Certificate Installation Status
   * This step is for customers using Device Certificates.
7. Install Application to Read Device Certificate
   * This step is for customers using Device Certificates on iOS devices.

Depending on the service linked with Access Control, this section may be required.
For details, please consult your implementation guide.

Access Control Access Policy Configuration

1. Assign Access Policy Groups to Users
2. Assign Browser Policy Groups to Users
   * This step is for customers using Secure Browser.

Connect Access Control and Google Workspace

1. Configure Single Sign-On (SSO) Connection between Access Control and Google Workspace
2. Verify Single Sign-On (SSO) Connection between Access Control and Google Workspace
3. Configure Single Sign-On (SSO) Connection between Access Control and Chromebook
4. Verify Single Sign-On (SSO) Connection between Access Control and Chromebook
5. Disconnect Google Workspace Authentication
6. Connect to Services Using Single Sign-On (SSO) (External Link)
   If you have services other than Google Workspace that use SSO, you can download procedures with a proven track record from this section.
7. User Provisioning for Services Using Single Sign-On (SSO)
   Some services support user provisioning.
   You can check which services support provisioning from this section.