Did you know - How to configure password synchronization for Google Apps.
ADSelfService Plus can be used to synchronize any change made to your Active Directory passwords to your Google Apps account. This feature captures all users' Active Directory password resets and changes and automatically sync with their Google Apps accounts in real-time.
This week, I’ll walk you through the steps to configure password synchronizer for Google Apps.
Step-1 : The first step to configuring password synchronization for Google Apps with ADSelfService Plus is to provide domain-wide authority to a Google Apps service account.
- Go to Google Developers Console.
- Logon using your Google Apps Administrator account.
- Create a new project named ADSelfService Plus.
- In the left pane, click the Library link. Under the G suite APIs, locate Admin SDK and turn it on.
- In the left pane, click the Credentials link.
- In the right hand side, click the Create Credentials button and select Service Account Key.
- Click the drop-box under Service account and select New service account.
- Enter a name for the service account and provide the role of Project owner for the service account.
- Select the Key type as P12 and click Create. You will now receive a P12 file. Save this file to your computer and click Close.
- Click on the Manage service accounts link.
- Click on the options against the service account that you created and select Edit.
- Mark the checkbox against Enable G Suite Domain-wide Delegation, enter a name in the Product name for the consent screen text box and click Save.
- Click on the View Client ID link under the options column and copy the value against the client ID field.
- The service account email is the one that is mentioned in the Service account field.
Step-2 : The next step is to grant domain-wide authority to this service account.
- Navigate to your Google Apps domain's Admin console.
- Select Security from the list of controls.
- Select Advanced settings from the list of options.
- Select Manage API client access in the Authentication section.
- In the Client name field enter the service account's Client ID that you have copied earlier.
- In the One or More API Scopes field, enter the list of scopes that your application should be granted access to. For example, if you need domain-wide access to Users, Groups, and Organizational Units, enter the corresponding code.
- Click the Authorize button.
Your service account now has domain-wide access to the Google Admin SDK Directory API for all the users of your domain.
Step-3 : Now that the service account has been configured, we can proceed to configure password synchronizer for Google Apps:
- Log in to ADSelfService Plus with administrator credentials.
- Navigate to Configuration -> Self-Service -> Password Synchronizer.
- Click the Google Apps link.
- In the Google Apps configuration page that opens up, select Password Synchronizer as the Module from the drop-down list.
- Enter the Domain Name of the Google Apps account.
- Enter the User Name of the Google Apps admin account.
- Enter the Service Account Email which you created earlier.
- Select the relevant P12 Key File of Google Apps admin account.
- Enter a brief description of the configuration for easy recall.
- Select the Self-Service Policies by clicking the plus icon. Password synchronization will be provided to those users who fall under the selected self-service policies.
- Click Save.
Testing the configuration:
To check if the password synchronization configuration has been set up correctly, follow these steps:
- Log in to ADSelfService Plus with a domain user credential.
- Navigate to the Change Password tab.
- Enter the old password.
- Provide a new password and confirm it.
- Click Change Password.
- Now, log in to your Google Apps account with the new password.
If you can log into Google Apps without any issues, then the password synchronization configuration has been done correctly.
New to ADSelfService Plus?