Description

Google Apps Connector for midPoint is based on ForgeRock's OpenICF connector released in December 2015. It was enhanced with some unique fixes and updates and was ported to Evolveum's Polygon project.

Status

Functionality: Stable, limited
Support status: Supportable
Support provided by: Evolveum; support may also be available from the original author.
Origin: Community (AMI Praha)
Target systems: Google Apps SaaS platform


MidPoint version

Connector requires midPoint 3.4.1 or newer.

This connector does not work correctly in midPoint 3.8 - see MID-4683

Description

Protocol: Google API / OAuth 2.0
Security: SSL/TLS 1.2
Framework: Polygon 1.4.2.14
Connector name: com.evolveum.polygon.connector.googleapps.GoogleAppsConnector
Licence: CDDL-1.0
Source: https://github.com/Evolveum/connector-googleapps

...

History

The connector was introduced as a contribution to the midPoint project by AMI Praha and is not officially supported by Evolveum.

The Google Apps Connector supports ACCOUNT and GROUP (mailing list) entities. The original connector supports more entity types, but not all of them were fully tested with midPoint. The current focus is on the ACCOUNT entity.

...

The following table lists all the configuration properties you can specify when setting up the Google Apps connector:

| Configuration Property | Required | Type | Default Value | Description |
|---|---|---|---|---|
| domain | X | String | | Internet domain name. See https://support.google.com/a/answer/177483?hl=en |
| clientId | X | String | | Client identifier issued to the client during the registration process. |
| clientSecret | X | GuardedString | | Client secret issued to the client during the registration process. |
| refreshToken | X | GuardedString | | The refresh token allows you to get a new access token that is good for another hour. Refresh tokens never expire; they can only be revoked by the user or programmatically by your app. |
| skuid | | String | | Stock Keeping Units (SKU) ID. Typical value: Google-Apps-For-Business. For more information see https://developers.google.com/admin-sdk/licensing/v1/how-tos/products |
| autoaddlic | | Boolean | False | Automatically add a license to the user after create. |
| productid | X | String | | Product ID. Typical value: Google-Apps. For more information see https://developers.google.com/admin-sdk/licensing/v1/how-tos/products |

Getting started

Building the connector

...

  1. Obtain credential codes for Google API. Log in to Google API Manager with your Google admin account.

  2. If you have not done so already, create a new project and then create new credentials for "OAuth client ID" (with the "other" option).

  3. Make sure API access is enabled for at least: Admin SDK and Enterprise License Manager API.

  4. Retrieve the credentials in JSON by clicking the icon as follows:

  5. Open the JSON file and make a note of the following properties:

    "client_id":"XXXX434004-XXXu8jrm1iqp3clirelba480qXXX.apps.googleusercontent.com"
    "client_secret":"48zv5mfYZZZZw3QTcb8RBXXX"

  6. In order to authenticate with Google you will also need a refreshToken. To retrieve it, go to your connector-googleapps Java project, run the Main class and confirm the requested action in your web browser.

    connector-googleapps> mvn exec:java -Dexec.mainClass="com.evolveum.polygon.connector.googleapps.Main"
    -------------------------------------------------------------------------------------------
    Generate credentials for GoogleApps Connector
    -------------------------------------------------------------------------------------------
    You have to created and registered App in Google API and Google API enabled.
    Add these credentials into configuration fields in Google Apps Connector. See readme.txt.
    -------------------------------------------------------------------------------------------
    Enter Client ID: <censored> 
    Enter Client Secret: <censored>  
     
    Please open the following address in your browser:
      https://accounts.google.com/o/oauth2/auth?<censored>
    Generated credentials:
    {
      "clientId" : "<censored>",
      "clientSecret" : "<censored>",
      "refreshToken" : "<censored>"
    }


  7. You now have all the information you need to configure the connector resource in midPoint.
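
The refreshToken obtained in step 6 never expires, so it needs the same handling as clientSecret. The following is an added example, not code from the connector or from this page: it checks the "Generated credentials" JSON for completeness, masks the GuardedString values before anything is logged, and builds (without sending) the OAuth 2.0 requests that exchange or revoke the refresh token. The Google endpoint URLs, the function names and the sample values are assumptions and do not appear on the page.

```python
import json
import urllib.parse
import urllib.request

# Google's public OAuth 2.0 endpoints (assumption: not named on this page).
TOKEN_URL = "https://oauth2.googleapis.com/token"
REVOKE_URL = "https://oauth2.googleapis.com/revoke"
REQUIRED = ("clientId", "clientSecret", "refreshToken")
SECRET = ("clientSecret", "refreshToken")  # GuardedString properties in the table


def load_credentials(text):
    """Parse the JSON printed by the connector's Main class; reject incomplete output."""
    creds = json.loads(text)
    missing = [k for k in REQUIRED if not creds.get(k)]
    if missing:
        raise ValueError("missing properties: " + ", ".join(missing))
    return creds


def redact(creds):
    """Return a copy that is safe for logs and tickets: secret values are masked."""
    return {k: ("****" if k in SECRET else v) for k, v in creds.items()}


def refresh_request(creds):
    """Build the POST that trades the refresh token for a one-hour access token."""
    body = urllib.parse.urlencode({
        "grant_type": "refresh_token",
        "client_id": creds["clientId"],
        "client_secret": creds["clientSecret"],
        "refresh_token": creds["refreshToken"],
    }).encode()
    return urllib.request.Request(TOKEN_URL, data=body, method="POST")


def revoke_request(creds):
    """Build the POST that revokes the refresh token, e.g. when retiring the resource."""
    body = urllib.parse.urlencode({"token": creds["refreshToken"]}).encode()
    return urllib.request.Request(REVOKE_URL, data=body, method="POST")


# Constructed sample in the shape of the "Generated credentials" output above.
SAMPLE = json.dumps({"clientId": "example-id", "clientSecret": "example-secret", "refreshToken": "example-refresh"})

if __name__ == "__main__":
    creds = load_credentials(SAMPLE)
    print(redact(creds))
    print(refresh_request(creds).full_url, revoke_request(creds).full_url)
```

Passing either request to urllib.request.urlopen performs the actual call; a successful refresh returns JSON containing the new access token.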