Skip to main content
Kinetic Community

Google Admin Adapter

Overview

The Google Admin Adapter is an adapter that is installed into Kinetic Bridgehub that retrieves users from the Google Admin API with an authenticated Google account.

Installation

Note: Check to ensure that this adapter isn't already installed into your bridgehub as part of the base installation before undertaking the installation tasks.

  • Download the kinetic-bridges-adapter-googleadmin.jar file and it's dependencies here
  • Put all of the downloaded files into the WEB-INF/lib folder for you kinetic-bridgehub installation
  • Restart the tomcat that your kinetic-bridgehub installation is located in

Setup

Configuration Values

Name Description
Service Account Email Email of the Service Account configured with the Google Admin API
P12 File Location P12 file associated with the Service Account
Impersonated User Email Email of the user to be used to access the Admin data

Example Configuration

Name Value
Service Account Email 103529480642997-p1np6lweiqy98271iorill6jj@developer.gserviceaccount.com
P12 File Location /home/test.user/p12files/93c49ca972a1234ttewyhrteqpoiweru82-privatekey.p12
Impersonated User Email admin.user@acme.com

 

Configuration Details

How to retrieve the Service Account Email and Setup P12 File

For the bridge to authorize with the Google Admin API properly, it needs a configured Service Account, an associated P12 file as well as allowing domain-wide delegation of authority on that service account (to allow it to impersonate the user configured in Impersonated User Email). The instructions below show you how to go through this setup process. Note: Google tends to change their console frequently, so if the steps going page by page through the console don't seem to match up just follow the general process. The process to setting up the accounts should be the same, even if the consoles look/navigate slightly different.

To enable the Google Drive API and get the Service Account Email and P12 file

  1. Navigate to the 'Google Developers Console'
  2. Click on the Create Project button (or if you have an existing project that you wish to keep using, click on the project name.)
  3. Go to the APIs page and turn on the Google Drive service
  4. Go to the Credentials page and create a new Client Id
    • Select 'Service Account'
    • Select 'P12 Key' for key type
  5. When you click 'Create Client Id', a P12 file will be downloaded
  6. Remember the email for the Service Account and the location fo the downloaded P12 file

How to Perform Domain-Wide Delegation of Authority to Allow Impersonation

  1. Go to the admin console in your Google Apps domain
  2. Select Security from the list of controls. If you don't see Security listed, the menu will likely need to be expanded to include More Controls
  3. Select advanced settings from the list of options
  4. Select manage third party OAuth Client access in the authentication section
  5. In the client name field enter the service account's Client Id
  6. In the one or more API scopes field enter the list of scopes that you application should be granted access to
    • For Google Admin, you should enter https://www.<wbr/>googleapis.<wbr/>com/auth/admin.<wbr/>directory.<wbr/>user​
  7. Click the authorize button

Structures, Fields, and Queries

Structures

  • Users

Fields

  • Users
    • Example/Useful fields (Full list of fields can be found in Google's User documentation)
      • id
      • primaryEmail
      • isAdmin
      • suspended
      • changePasswordAtNextLogin
      • isMailboxSetup

Queries

Information for how to write qualifications to retrieve Users can be found in the Google Admin API documents, which can be found here.

Changelog

v1.0.2 (2017-11-14)

  • Update version of guava dependency so it is compatible with the version included with Kinetic Bridgehub

v1.0.1 (2017-05-17)

  • Opened up bridge to allow full Google query syntax (https://developers.google.com/admin-...s/search-users)
  • Allow domain to be optionally set in the Configuration Values
  • Count now returns an accurate value for anything over 500 (previously anything over that would still return 500)
  • Add pagination
  • Improved error messaging when domain isn't present
  • If no fields are passed, return all fields instead of throwing an error

v1.0.0 (2016-04-13)

  • Initial Version