The following guide provides step-by-step details for setting up Asset Management in Google's G-Suite.
Click a hyperlink below to jump to that topic:
1. Create a New Project
Using your admin account, login to the Google API Console and select a project.
Select New Project.
Provide a descriptive name for your project (i.e., "AM Integration") for easy identification. The organization will be pre-filled with the domain name set up in your G-Suite Admin Console. The location will be the parent organization of the district.
2. Enable APIs and Services for your Project
Once your project is created, you will need to enable APIs and services for this project. Select the Enable APIs and Services option in the top bar, which will open the API Library.
In the search bar, search for "admin" and select Admin SDK API.
Click the Enable button to enable the API.
Once the API has been enabled, you will be redirected to the Admin SDK API overview screen. Navigate back to your main project using the Menu button in the upper left hand corner of the screen, and select OAuth consent screen.
3. Setup OAuth Consent Screen
On the OAuth consent screen, select "Internal" or "Public" in the Application Type section, depending on your organization's login needs.
Complete the app registration through the stepped process: OAuth screen, Scopes, Test Users, Summary.
4. Create OAuth 2.0 Client
Navigate in the left menu to Credentials. In the top menu, choose Create Credentials.
Choose OAuth client ID.
In the Application Type, choose Web application.
Enter a descriptive name.
When asked to supply a URI, add your TIPWeb-IT URI and append /AuthCallback/IndexAsync to the URI (i.e., https://district.tipwebhss.com/tipwebit/AuthCallback/IndexAsync).
You must also add these two URLs to the Authorized redirect URIs:
Your OAuth credentials should be created. Copy the Client ID and Client Secret to enter into TIPWeb-IT Integration Settings.
5. Assign Privileges To Your Account
Log in to your G Suite admin console. Your account should have the ability to modify user privileges. You will need to assign specific privileges to the G Suite account that will be used to authorize Asset Management to read and/or update device data from/to your G Suite account.
Select Users, then select Manage and select the user that will authorize Asset Management.
When you select the user, Google Admin will open a page that displays the settings for the user, with the ability to manage the user’s privileges. Scroll to the section titled “Admin roles and privileges” and expand the section to reveal and edit all the privileges you will need to manage access to Asset Management.
In the “Admin roles and privileges” section, scroll down to the section titled “Privileges.” This lists all the roles/privileges that the account currently has.
The privileges that are most relevant to/needed by Asset Management are:
- Chrome Management
- Mobile Device Management
You can create a custom role or use a pre-built role that assigns these privileges to the user.
Asset Management mandatorily needs the "Read" privilege. Without it, Asset Management will not be able to read Chrome and/or mobile device data from your Google account.
If you would like Asset Management to be able to enable and/or disable devices, you will also need the user/account to be given “Manage” privileges. If you do not want Asset Management to automatically enable or disable devices, then you do not need to assign “Manage” privileges.
Once you have created the custom role, assign the role to the user that will authorize Asset Management. When you log in to Asset Management, go to "Integration Settings," then "Authorize G Suite." You must log in to Google using the account with the custom role that you created.