
que: What steps have to be performed on Google Side?

Open goosefraba opened this issue 3 years ago • 3 comments

Hey, I set up AWS SSO with all the regular actions done on Google Workspace.

But when launching this app from the Serverless Application Repository, I have to enter the file contents for the service account credentials from Google. This part in particular would be nice to be documented.

Even though I set up a service account and downloaded the keys as JSON, I get an authentication error in the Lambda function then.

Please help

goosefraba avatar Apr 06 '22 12:04 goosefraba

Other than creating the account, the main other thing you need to do is enable the Admin API, and then to set up domain-wide delegation using the steps here: https://developers.google.com/admin-sdk/directory/v1/guides/delegation

When setting up delegation, here are the scopes you need to enable: https://github.com/slashdevops/idp-scim-sync/blob/5eec83f4f7136e9c7d6475f1032b0edca2a99f19/cmd/idpscim/cmd/root.go#L241-L243

Parent5446 avatar Apr 08 '22 08:04 Parent5446

Thank you @Parent5446 for your answer, and @goosefraba, I will create better documentation explaining it very well.

christiangda avatar Apr 10 '22 10:04 christiangda

I've had success following the steps described in https://github.com/awslabs/ssosync#google to get the Google service account set up required for this project. It can take a while (think 10-15 minutes) after setting things up on the Google side before the API is really ready to use with the service account credentials.

obscurerichard avatar Jun 15 '22 21:06 obscurerichard