The WSO2 Identity Server (WSO2 IS) has the ability to provision users into different domains like Salesforce, Google, Facebook, etc., using its identity provisioning framework.
...
Tip: You need to have a Google domain. Click here for more information on creating the domain. Make sure you have a WUM-updated WSO2 Identity Server 5.4.0 pack. For more information on how to WUM update, see Updating WSO2 Products.
Configuring Google
...
Open the Google developers console and click the Menu icon in the top left corner.
Create a new project:
Click + CREATE PROJECT at the top of the page.
- Provide a name for your project and click Create.
Search for the project you created and click it.
Create a service account for the project you created.
Click IAM and admin > Service accounts.
Click Create under the IAM & admin Service accounts panel.
Click Create service account.
Fill in the form to create the service account:
- Provide a service account name.
- Optionally, assign the role Service Account Actor. Click Project > Service Account Actor.
- Select Furnish a new private key and make sure that P12 is selected for the Key type.
Click CREATE.
The Service account and key created message is displayed and the service account's P12 file is downloaded to your machine.
Info: Remember the location and the name of this downloaded file, as it is required later on in this guide.
- Get the Client ID of the service account.
- Click IAM and admin > Service accounts, click the menu icon at the end of the service account you created, and click Edit.
- Select Enable G Suite Domain-wide Delegation and click SAVE.
- Click View Client ID and copy the value for the Client ID.
- Manage the API client access:
- Go to your domain's admin console via https://admin.google.com. Click Security.
Info: Can't see the Security section? Click the MORE CONTROLS bar at the bottom and you can see the Security section.
- Click Advanced settings > Manage API client access.
- Fill the following values:
- Paste the Client ID value you copied previously as the value for Client Name.
- Enter https://www.googleapis.com/auth/admin.directory.user,https://www.googleapis.com/auth/admin.directory.orgunit,https://www.googleapis.com/auth/admin.directory.group as the value for scopes.
- Click Authorize.
- Enable Admin SDK.
- On the Google developers console, click the menu icon, and click APIs & Services.
- Click Dashboards > + ENABLE API AND SERVICES.
- Search for Admin SDK and click Enable.
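The following check is an added example, not part of the WSO2 documentation: it compares a comma-separated scope string with the three scopes entered under Manage API client access above, so a review of the delegation grant can spot missing, extra or mistyped scopes. The function names and the sample grant are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# The three scopes this guide enters under "Manage API client access".
REQUIRED_SCOPES = frozenset({
    "https://www.googleapis.com/auth/admin.directory.user",
    "https://www.googleapis.com/auth/admin.directory.orgunit",
    "https://www.googleapis.com/auth/admin.directory.group",
})

# Constructed sample grant: a stray space, a read-only variant, an http://
# typo and a trailing comma. Not taken from any real tenant.
SAMPLE_GRANT = (
    "https://www.googleapis.com/auth/admin.directory.user, "
    "https://www.googleapis.com/auth/admin.directory.group.readonly,"
    "http://www.googleapis.com/auth/admin.directory.orgunit,"
)


def well_formed(scope: str) -> bool:
    """A scope must be a single https://www.googleapis.com/auth/<name> URL."""
    parts = urlsplit(scope)
    return (scope.split() == [scope] and parts.scheme == "https"
            and parts.netloc == "www.googleapis.com"
            and parts.path.startswith("/auth/") and len(parts.path) > 6
            and not parts.query and not parts.fragment)


def audit_delegation_scopes(granted: str) -> dict:
    """Compare a comma-separated scope string with REQUIRED_SCOPES."""
    seen, malformed = set(), set()
    for raw in granted.replace("\n", ",").split(","):
        scope = raw.strip()
        if not scope:
            continue  # tolerate trailing commas and blank lines from pasting
        (seen if well_formed(scope) else malformed).add(scope)
    return {
        "missing": sorted(REQUIRED_SCOPES - seen),      # required, not granted
        "unexpected": sorted(seen - REQUIRED_SCOPES),   # granted beyond the guide
        "malformed": sorted(malformed),
    }


def is_exact_grant(granted: str) -> bool:
    """True only when the grant is exactly the guide's three scopes."""
    report = audit_delegation_scopes(granted)
    return not (report["missing"] or report["unexpected"] or report["malformed"])
```

For SAMPLE_GRANT the report lists the group and orgunit scopes as missing, the read-only group scope as unexpected, and the http:// entry as malformed.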
Configuring the Identity Server to use email address as the username
...