Google G Suite

Note

This feature required Enterprise Edition.

Genian NAC can use the G Suite directory as a source of user and organizational information. G Suite Sync lets you create user accounts locally and use them for management or policies.

Here's how to sync user and organization information based on G Suite.

Create sync settings

  1. Move to Preferences in top panel.
  2. Move to User Authentication > Data Synchronization in left panel.
  3. Click Tasks > Create.

In General section

  1. For ID, Enter name here
  2. For Update Interval, Select the specified time or periodic interval for synchronization.
  3. For Policy Apply, After synchronization, select Enabled to reflect the changes. If you have multiple sync settings, you can set it to Disabled and enable only the last sync.

In Data Source section

  1. DB Type : Google G Suite
  2. Authorization Code: Enter Authorization code. Click the Generate Google Authorization Code button at the top, and copy and enter the code that is output after clicking the Allow button on the account login.
  3. DOMAIN: When you enter a domain, only the information from that domain is synchronized. If not entered, information about all domains to which the account belongs is synchronized.
  4. VIEW TYPE: Select the data synchronization range according to authority. Typically, admin_view for an account with admin privileges, otherwise domain_public.

In User information section

  1. For Table Name, Enter users.
  2. For Column Name for Username, Enter primaryEmail.
  3. For Column Name for Full Name, Enter name/fullName.
  4. For Column Name for Department ID, Enter orgUnitPath.

In Department Information section

  1. For Table Name, Enter orgunits.
  2. For Displaying Sorted Hierarchies, Enter @NAMEPATH to show based on department name.
  3. For Column Name for Department Code, Enter orgUnitId.
  4. For Column Name for Department Name, Enter name.
  5. For Column Name for Parent Department, Enter parentOrgUnitId.
  6. Click Create button.

Attention

G Suite does not provide a password attribute when using the API, so user passwords cannot be synchronized. Therefore, separate linkage should be set. See SAML 2.0 in: doc: ../ integrate-external.