The WSO2 Identity Server (WSO2 IS) has the ability to provision users into different domains like Salesforce, Google, Facebook, etc., using its identity provisioning framework.

...

Before you begin!

You need to have a Google domain. Click here for more information on creating the domain.

Make sure you have a WUM-updated WSO2 Identity Server 5.4.0 pack. For more information on how to WUM update, see Updating WSO2 Products.

Configuring Google

...

  1. Open the Google developers console and click the Menu icon in the top left corner.

  2. Create a new project:

    1. Click + CREATE PROJECT on the top of the page.

    2. Provide a name for your project and click Create.
  3. Search for the project you created and click it.

  4. Create a service account for the project you created.

    1. Click IAM and admin > Service accounts.

    2. Click Create under the IAM & admin Service accounts panel.

    3. Click Create service account.

    4. Fill in the form to create the service account:

      • Provide a service account name.
      • Optionally, assign the role Service Account Actor. Click Project > Service Account Actor.
      • Select Furnish a new private key and make sure that P12 is selected for the Key type.
    5. Click CREATE.
      The Service account and key created message is displayed and the service account's P12 file is downloaded to your machine. 

      Info

      Remember the location and name of this downloaded file, as it is required later in this guide.

  5. Get the Client ID of the service account.
    1. Click IAM and admin > Service accounts, click the menu icon at the end of the service account you created, and click Edit.
    2. Select Enable G Suite Domain-wide Delegation and click SAVE.
    3. Click View Client ID and copy the value for the Client ID.
  6. Manage the API client access:
    1. Go to your domain's admin console via https://admin.google.com.
    2. Click Security.

      Info

      Can't see the Security section? Click the MORE CONTROLS bar at the bottom and you can see the Security section.

    3. Click Advanced settings > Manage API client access.
    4. Fill in the following values:
      1. Paste the Client ID value you copied previously as the value for Client Name.
      2. Enter https://www.googleapis.com/auth/admin.directory.user,https://www.googleapis.com/auth/admin.directory.orgunit,https://www.googleapis.com/auth/admin.directory.group as the value for scopes.
      3. Click Authorize.
  7. Enable Admin SDK.
    1. Open the Google developers console, click the menu icon, and click APIs & Services.
    2. Click Dashboards > + ENABLE API AND SERVICES.
    3. Search for Admin SDK and click Enable.
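
The following is an added example, not part of the WSO2 documentation: a small audit of the values entered under Manage API client access in step 6, reporting a Client Name that is not a Client ID, malformed or missing scopes, and any scope beyond the three this guide authorizes. The function names and sample input are constructed for illustration, and the digits-only Client ID check is an assumption.

```python
import re

# The three scopes this guide authorizes under "Manage API client access".
REQUIRED_SCOPES = frozenset({
    "https://www.googleapis.com/auth/admin.directory.user",
    "https://www.googleapis.com/auth/admin.directory.orgunit",
    "https://www.googleapis.com/auth/admin.directory.group",
})
SCOPE_PREFIX = "https://www.googleapis.com/auth/"


def audit_delegation(client_name, scopes_field):
    """Audit one delegation entry; return a dict of findings (all empty = OK)."""
    findings = {"client_id": [], "malformed": [], "missing": [], "extra": []}

    # Assumption: a service account Client ID consists of digits only.
    if not re.fullmatch(r"\d+", client_name.strip()):
        findings["client_id"].append("Client Name is not a numeric Client ID")

    seen = set()
    for raw in scopes_field.split(","):
        scope = raw.strip()
        if not scope:
            findings["malformed"].append("empty entry (stray comma)")
        elif re.search(r"\s", scope) or not scope.startswith(SCOPE_PREFIX):
            findings["malformed"].append(scope)
        elif scope in seen:
            findings["malformed"].append("duplicate: " + scope)
        else:
            seen.add(scope)

    findings["missing"] = sorted(REQUIRED_SCOPES - seen)
    # Anything beyond the guide's three scopes widens what the P12 key can do.
    findings["extra"] = sorted(seen - REQUIRED_SCOPES)
    return findings


def is_clean(findings):
    return not any(findings.values())


if __name__ == "__main__":
    sample = (  # constructed input: one http:// typo and one extra scope
        "https://www.googleapis.com/auth/admin.directory.user,"
        "http://www.googleapis.com/auth/admin.directory.group,"
        "https://www.googleapis.com/auth/admin.directory.domain"
    )
    for kind, items in audit_delegation("100000000000000000000", sample).items():
        print(kind, items)
```

Scopes reported under `extra` are delegated domain-wide to whoever holds the downloaded P12 file, so they are worth removing unless another integration needs them.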


Configuring the Identity Server to use email address as the username

...