Before you can enable the Google Apps provisioning adapter in VMware Identity Manager, you must create a Google service account.

Procedure

  1. Create a Google service account and its credentials.

    You will need your service account’s client ID, email address, and private key file to enable provisioning.

  2. After you create the Google service account, enable Google Apps domain-wide delegation.
    1. In the API Manager Credentials > Create credentials page, click Manage service accounts.
    2. Click the more options icon icon next to your service account and select Edit.
    3. Select the Enable Google Apps Domain-wide Delegation checkbox, and click Save.

      Enable Domain-wide delegation popup


  3. Delegate Google Apps domain-wide authority to your service account from the Security > Advanced Settings > Authentication > Manage API client access page in the Google Admin console. See the Google documentation for more information.

    When you delegate domain-wide authority to the service account, enter the following values for the One or More API Scopes field: https://www.googleapis.com/auth/admin.directory.user.readonly,https://www.googleapis.com/auth/admin.directory.user.alias.readonly,https://www.googleapis.com/auth/admin.directory.user.alias,https://www.googleapis.com/auth/admin.directory.user,https://www.googleapis.com/auth/admin.directory.group.readonly,https://www.googleapis.com/auth/admin.directory.group.member.readonly,https://www.googleapis.com/auth/admin.directory.group.member,https://www.googleapis.com/auth/admin.directory.group



    Manage API client access page in Google


    You can now enable provisioning in the VMware Identity Manager service.

What to do next

Configure the Google Apps provisioning adapter in the VMware Identity Manager service.