Learn how to set up Google Directory in the Cloud Identity
Engine for user identification and security policy enforcement.
When you configure your Google Directory in
the Cloud Identity Engine, the Cloud Identity Engine can access
your Google Directory information to identify users and enforce
security policy.
If you have not already done so, activate the Cloud Identity Engine.
Grant the necessary administrator rights in the Google
Admin console for the Cloud Identity Engine.
In the Google Admin console, select Admin roles.
Select a role then click Privileges.
Select the following privileges then Save your changes:
Admin console privileges
  Organizational Units > Read
  Users > Read
  Groups
  Services > Mobile Device Management > Manage Devices and Settings
  Services > Chrome Management > Settings > Manage Chrome OS > Devices > Manage Chrome OS Devices (read only)
  Domain Settings
Admin API privileges
  Organization Units > Read
  Users > Read
  Groups
  Groups > Create
  Groups > Read
  Groups > Update
  Groups > Delete
  Billing Management > Billing Read
  Domain Management
Log in to the Google Admin console and configure the
Cloud Identity Engine app in the Google Admin console.
Collect the necessary information from the Google Admin
console to configure Google Directory in the Cloud Identity Engine.
Select Account > Account Settings.
Copy the Customer ID and store it in a secure location.
In the Cloud Identity Engine app, select Directories > Add Directory.
Set Up a Cloud Directory and select Google.
Enter your Customer ID that you copied in Step 4.
Sign in with Google by entering the Google Admin credentials for the account associated with the Customer ID.
When the login is successful, Signed In displays.
Click Test Connection to verify your configuration.
When the test is successful, Success displays.
(Optional) Customize the name the Cloud Identity Engine
displays for your Google Directory.
By default, the Cloud Identity Engine uses the default domain
name.
Submit the configuration.
When the configuration is submitted successfully, the Cloud
Identity Engine displays the Directories page.
You can
now use information from your Google Directory in the Cloud Identity
Engine when you configure a user- or group-based security policy
rule or with other Palo Alto Networks applications.