1. Home
    2. Cloud Identity
    3. Cloud Identity Engine Getting Started
    4. Choose Your Directory Type
    5. Configure a Cloud-Based Directory
    6. Configure Google Directory

    Configure Google Directory

    Learn how to set up Google Directory in the Cloud Identity Engine for user identification and security policy enforcement.
    When you configure your Google Directory in the Cloud Identity Engine, the Cloud Identity Engine can access your Google Directory information to identify users and enforce security policy.
    1. If you have not already done so, activate the Cloud Identity Engine.
    2. Grant the necessary administrator rights in the Google Admin console for the Cloud Identity Engine.
      1. In the Google Admin console, select
        Admin roles
        .
      2. Select a role then click
        Privileges
        .
      3. Select the following privileges then
        Save
         your changes:
        • Admin console privileges
          • Organizational Units > Read
          • Users > Read
          • Groups
          • Services > Mobile Device Management > Manage Devices and Settings
          • Services > Chrome Management > Settings > Manage Chrome OS > Devices > Manage Chrome OS Devices (read only)
          • Domain Settings
        • Admin API privileges
          • Organization Units > Read
          • Users > Read
          • Groups
          • Groups > Create
          • Groups > Read
          • Groups > Update
          • Groups > Delete
          • Billing Management > Billing Read
          • Domain Management
    3. Log in to the Google Admin console and configure the Cloud Identity Engine app in the Google Admin console.
      1. Select
        Security
        API controls
         and click
        Manage Third-Party App Access
        .
      2. Select
        Configure new app
        OAuth App Name Or Client ID
        .
      3. Enter
        Palo Alto Networks Cloud Identity Engine Directory Sync
         and click
        Search
        .
      4. Select the Palo Alto Networks Cloud Identity Engine Directory Sync app.
      5. Select the
        OAuth Client ID
         option if it is not already selected then click
        Select
        .
      6. Select
        Trusted: Can access all Google services
         as the
        App access
         option then
        Configure
         the app.
    4. Collect the necessary information from the Google Admin console to configure Google Directory in the Cloud Identity Engine.
      1. Select
        Account
        Account Settings
        .
      2. Copy the
        Customer ID
         and store it in a secure location.
    5. In the Cloud Identity Engine app, select
      Directories
      Add Directory
      .
    6. Set Up
       a
      Cloud Directory
       and select
      Google
      .
    7. Enter your
      Customer ID
       that you copied in Step 4.
    8. Sign in with Google
       by entering the Google Admin credentials for the account associated with the Customer ID.
      When the login is successful,
      Signed In
       displays.
    9. Click
      Test Connection
       to verify your configuration.
      When the test is successful,
      Success
       displays.
    10. (Optional) Customize the name the Cloud Identity Engine displays for your Google Directory.
      By default, the Cloud Identity Engine uses the default domain name.
    11. Submit
       the configuration.
      When the configuration is submitted successfully, the Cloud Identity Engine displays the Directories page.
      You can now use information from your Google Directory in the Cloud Identity Engine when you configure a user- or group-based security policy rule or with other Palo Alto Networks applications.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2023 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo