Provisioning Asset Mgmt in Google G-Suite

The following guide provides step-by-step details for setting up Asset Management in Google's G-Suite.

Prerequisites for Google Integration

There are 3 ways to authenticate with Google APIs: OAuth 2, Service to Service (JSON Web Token), or API Key. Asset Management only supports the OAuth 2 method of authentication.

1. Create a New Project

Using your admin account, log in to the Google API Console and select a project.

Select New Project.

Provide a descriptive name for your project (e.g., "AM Integration") for easy identification. The organization will be pre-filled with the domain name set up in your G-Suite Admin Console. The location will be the parent organization of the district.

2. Enable APIs and Services for your Project

Once your project is created, you will need to enable APIs and services for this project. Select the Enable APIs and Services option in the top bar, which will open the API Library.

In the search bar, search for "admin" and select Admin SDK API.

Click the Enable button to enable the API.

Once the API has been enabled, you will be redirected to the Admin SDK API overview screen. Navigate back to your main project using the Menu button in the upper-left corner of the screen, and select OAuth consent screen.

3. Set Up OAuth Consent Screen

On the OAuth consent screen, select "Internal" or "Public" in the Application Type section, depending on your organization's login needs.

Complete the app registration through the stepped process: OAuth screen, Scopes, Test Users, Summary.

4. Create OAuth 2.0 Client

Navigate in the left menu to Credentials. In the top menu, choose Create Credentials.

Choose OAuth client ID.

In the Application Type, choose Web application.

Enter a descriptive name.

When asked to supply a URI, add your TIPWeb-IT URI and append /AuthCallback/IndexAsync to the URI (e.g., https://district.tipwebhss.com/tipwebit/AuthCallback/IndexAsync).

You must also add these two URLs to the Authorized redirect URIs:

authenticate.png

Your OAuth credentials should be created. Copy the Client ID and Client Secret to enter into TIPWeb-IT Integration Settings.
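
A pre-registration check for the redirect URI from step 4, as an added example (not part of the original guide or of TIPWeb-IT). The function names are hypothetical; the rules checked are Google's redirect URI restrictions (HTTPS, no raw IP host, no wildcard, no userinfo, no fragment) plus the callback path this guide specifies, and the sample inputs are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

CALLBACK_PATH = "/AuthCallback/IndexAsync"  # suffix given in step 4

def build_redirect_uri(base_url):
    """Append the callback path to a TIPWeb-IT base URL without doubling slashes."""
    return base_url.rstrip("/") + CALLBACK_PATH

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def check_redirect_uri(uri):
    """Return a list of problems; an empty list means none of these checks failed."""
    problems = []
    parts = urlsplit(uri)
    host = parts.hostname or ""
    # Google exempts localhost from the HTTPS rule; a district URL is not localhost.
    if parts.scheme != "https":
        problems.append("scheme must be https so the authorization code is not sent in clear text")
    if not host:
        problems.append("missing host")
    elif _is_ip(host):
        problems.append("host is a raw IP address; register the district's DNS name")
    if parts.username or parts.password:
        problems.append("userinfo (user:pass@) is not allowed")
    if "*" in uri:
        problems.append("wildcards are not allowed; redirect URIs are matched exactly")
    if parts.query or parts.fragment:
        problems.append("query string or fragment present; the callback in this guide has neither")
    if not parts.path.endswith(CALLBACK_PATH):
        problems.append("path must end with " + CALLBACK_PATH + " (exact case, no trailing slash)")
    return problems

if __name__ == "__main__":
    # Constructed inputs; the first host is the guide's own example.
    samples = (
        build_redirect_uri("https://district.tipwebhss.com/tipwebit/"),
        "http://district.tipwebhss.com/tipwebit/AuthCallback/IndexAsync",
        "https://district.tipwebhss.com/tipwebit/authcallback/indexasync",
    )
    for candidate in samples:
        print(candidate, check_redirect_uri(candidate) or "OK")
```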

5. Assign Privileges To Your Account

Log in to your G Suite admin console. Your account should have the ability to modify user privileges. You will need to assign specific privileges to the G Suite account that will be used to authorize Asset Management to read and/or update device data from/to your G Suite account.

Select Users, then select Manage and select the user that will authorize Asset Management.

When you select the user, Google Admin will open a page that displays the settings for the user, with the ability to manage the user’s privileges. Scroll to the section titled “Admin roles and privileges” and expand the section to reveal and edit all the privileges you will need to manage access to Asset Management.

In the “Admin roles and privileges” section, scroll down to the section titled “Privileges.” This lists all the roles/privileges that the account currently has.

The privileges that are most relevant to/needed by Asset Management are:

  • Chrome Management
  • Mobile Device Management

You can create a custom role or use a pre-built role that assigns these privileges to the user.

Asset Management requires the "Read" privilege. Without it, Asset Management will not be able to read Chrome and/or mobile device data from your Google account.

If you would like Asset Management to be able to enable and/or disable devices, you will also need the user/account to be given “Manage” privileges. If you do not want Asset Management to automatically enable or disable devices, then you do not need to assign “Manage” privileges.

Once you have created the custom role, assign the role to the user that will authorize Asset Management. When you log in to Asset Management, go to "Integration Settings," then "Authorize G Suite." You must log in to Google using the account with the custom role that you created.