Description
G-Suite Directory Synchronization feature allows you to manage users inside the MPaware portal with ease. Add,
Modify, or Deactivate users as soon as they’re in your client’s system so they can get up to speed on cybersecurity
Important: Once G-Suite Directory is activated; you will not be able to add users to the portal outside of this method. Our portal will sync once every hour, which may cause a delay for your users to be updated
Requirements
Admin Access to:
- Google Console
- MPaware Portal
The Process
Setup in Google Console
1. Navigate to the following page: https://console.developers.google.com/projectcreate and sign into your account with your Admin credentials. If required, agree to the Terms and Services.
2. Type a unique name into the “Project Name” box,
3. Click the “Create” button to create the project.
4. Create a service account to be used for this project
5. Navigate to the following page:https://console.cloud.google.com/projectselector2/iam-admin/serviceaccounts?supportedpurview=project
6. Select the name of the project you just created:
5. Navigate to the following page:https://console.cloud.google.com/projectselector2/iam-admin/serviceaccounts?supportedpurview=project
6. Select the name of the project you just created:
7. On the left sidebar, select “IAM & Admin” then select “Service Accounts”
8. Click the “+ Create Service Account” button at the top of the page.
9. Enter the Service account name: securenowsync
10. Enter an optional “Service account description.”
11. Click the “Create and Continue” button.
12. Click “Select a role” and choose “Owner” to grant service account access to the project owner.
13. Click “Continue.”
Create a service account to be used for this project:
14. In the “Actions” column, click the three vertical dots, then click the “Manage Keys” option.
15. Click the “Add Key” drop down and select “Create new key”
16. In the sidebar that appears, select the “JSON” key type.
17. Click the “Create” button. The JSON file will be downloaded to your local computer. Store this somewhere safe,
you will need to reference this later.
18. Once the file has been downloaded and saved, click the “Done” button.
Enable G-Suite Domain-Wide Delegation
19. Click the “Details” section to modify your securenowsync service account.
20. Type in “securenowsync” in the “Name” field and click save
Delegate domain-wide authority to the service account
21. Navigate to:https://admin.google.com/ac/owl/domainwidedelegation
22. Click the “Add new” button
23. Locate and open the JSON file downloaded in step 17 on page 39 with any file editor. Copy the “client_id” value (excluding quotation marks) and paste that value into the Client ID field.
24. Paste the following value into the OAuth Scopes field:
25. Click the “Authorize” button and the new scope will appear.
Enable Admin API for the project
26. Navigate to:https://console.developers.google.com/apis/library/admin.googleapis.com
27. Confirm the GSuiteMPawareIntegration project is selected next to the Google API logo.
Click the dropdown and select this project if it is not shown by default.
28. Click “Enable” button.
Setup Groups:
Create groups for designating the level of access inside the portal. The possible access levels are listed from lowest to highest and contain all features of the lower access levels:
• BSN-Employees – basic employee access
• BSN-Managers – access to reporting within a client
• BSN-ManagerAdmins – access to manage phishing and bulk manage users within a client
29. Inside the Google Admin Console, click “Groups” to open the Groups dashboard
30. Inside the Groups dashboard, click “Create group”
31. Provide the following “Group Details” for the desired group:
• Name - BSN-Employees
Description – Employee group for users
Group email – bsn-employees
• Name - BSN-Managers
Description – Manager group for users
Group email – bsn-managers
• Name – BSN-ManagerAdmins
Description – Manager Admin group for users
Group email – bsn-manageradmins
32. Click “Next”
33. Setup desired access settings
34. Click “Create Group”
35. Click to add users to the created group
Optional - If you wish to create Tag Groups.
Tags are used for creating specific groups, typically to separate users by department, to create groups you’d like to send specific phishing emails to, or to simplify tracking in the portal.
Follow Steps 29, but ensure the Group Name is: BSN-TAG-<tagname>
For example: BSN-TAG-Executive Team, BSN-TAG-Accounts, etc.
Inside the Group Details dashboard:
36. Add members to the desired group:
a) Click the add user icon to add users one at a time:
- Begin typing the name of the user you would like to add to the group, click the user’s email address, and click “Add to Group”
b) Or click the bulk upload members to import users in bulk
37. Repeat for all desired groups
Note: A user can only be in one access group. Access levels are on a hierarchy. All access levels contain the functionality as the access levels below it, simply add users to the highest level of access they should have. However, the user can be in one access group as well as one Tag group
Configuration in the MPaware Portal
38. Log in to the MPaware Portal
39. Once logged in select “Manage Clients” to and select the customer
40. Select the “Directory Sync” tab
41. Select the “Directory Sync” tab and use the Sync Type drop-down selector to select “Google G-Suite”. Click Enable
42. Once saved, we recommend configuring your Welcome Message options.
“Send Welcome Messages” = will send the welcome message to newly added employees during the sync.
“Use Custom Message” = will enable welcome messages to be customized. Without this option checked, the standard messages will be sent based off the Global Messages in the Partner Profile.
Clicking “Welcome Message” or “Welcome Back Message” = will allow you to adjust the default message
43. Input your G-Suite Admin Email Address
44. Click the “Choose File” button and select the JSON file that was downloaded.
45. Click “ Save ” to save your changes and finalize G-Suite synchronization for this client!
Repeat each step for all customers.