Google Tenancy Configuration
Google Tenancy Steps.
Setting up the API link for provisioning
Log into the tenancy at console.developers.google.com using a tenancy admin user account.
Creating an API project
Click on My Project next to the Google API logo.
The following dialogue will open
Click on New Project in the top right of this dialogue.
A project creation page will load
Call the project SCHOOLNAME link to SIMS ID. The location should be your tenancy.
Configure the API Project
On the console screen
Click on My Project next to the Google API logo.
This will open a dialogue box.
Click on the name of your project (SCHOOLNAME link to SIMS ID) then click Open
Adding API Services for Admin SDK and Calendar API
The following screen will display
Please click on Enable APIS and Services
This will open the API Library
In the search box type Admin
This will return a number of APIs; please find Admin SDK and click on it.
This will present a screen for the admin SDK.
Please click ENABLE
Then click the back arrow next to the words API Library (top left) to return to the API Library.
This will return you to the API Library.
In the search box please search for Calendar
This will return a number of results; please find Google Calendar API and click on it.
This will present a screen for that API; please click Enable. You will be returned to this screen.
Please click on APIs and Services to return to the main console.
## Creating a service account
From the console
Click on Credentials in the left-hand navigation.
This will take you to the credentials screen
Click +CREATE CREDENTIALS and Service Account
This will take you to a page where you can create a Service Account.
The Service Account Name should be set to SchoolNameLinktoSIMSID and the description to Google link to SIMS ID
Click Create
Assigning Service Account Permissions
When the service account is created you can assign permissions to it. In the Select a Role drop-down choose Resource Manager and Organization Administrator
Then click Continue
Creating a Key
You will now be taken to a page where you can create a key
Towards the bottom of the page click **+Create Key**
A dialogue will open
Ensure P12 is selected and click Create
A dialogue will open displaying the certificate password, and the certificate will download to your local machine (probably to your downloads folder)
Now click Done
Enabling the OAuth 2.0 client
From the console screen click the Pencil Icon next to the service account you have just created
On the Service account details page
Click on the SHOW DOMAINWIDE DELEGATION link to display the configuration options
Tick Enable G Suite Domain-wide Delegation
Enter a Product Name for the consent screen; enter this as SchoolnameLinktoSIMSID
Then click SAVE
You will be returned to the console credentials homepage
Setting domain wide delegation permissions
Note the client ID, as highlighted
Navigate to https://admin.google.com
- Security
- API Controls
- Domain-wide delegation
- Click on Manage Domain-wide delegation
Click Add new
Enter the Client ID (from above)
Enter one or all of the following in OAuth Scopes, based on the integration required.
User / Group Provisioning
- https://www.googleapis.com/auth/admin.directory.group
- https://www.googleapis.com/auth/admin.directory.group.member
- https://www.googleapis.com/auth/admin.directory.user
- https://www.googleapis.com/auth/drive (if required)
SIMS Timetable to Google Calendar
- https://www.googleapis.com/auth/calendar
When you have added all the required scopes please click Authorise
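As an added example (not part of the original guide or of any SIMS ID tooling), this Python script compares the scopes entered on the Domain-wide delegation entry with the lists above and reports anything missing or granted beyond the chosen integration. The function names and the integration keys `provisioning` and `calendar` are assumptions made for the example.

```python
# Added example: least-privilege audit of a domain-wide delegation entry.
BASE = "https://www.googleapis.com/auth/"

# Scopes per integration, copied from the lists on this page.
# The keys "provisioning" and "calendar" are names invented for this example.
REQUIRED = {
    "provisioning": {
        BASE + "admin.directory.group",
        BASE + "admin.directory.group.member",
        BASE + "admin.directory.user",
    },
    "calendar": {BASE + "calendar"},
}
# The page marks drive as "if required", so it is accepted only when opted in.
OPTIONAL = {"provisioning": {BASE + "drive"}}


def parse_scopes(raw):
    """Split a comma/whitespace separated scope string into a set."""
    return set(raw.replace(",", " ").split())


def audit(raw_scopes, integrations, allow_optional=False):
    """Return (missing, excess) scope lists for the chosen integrations."""
    unknown = set(integrations) - REQUIRED.keys()
    if unknown:
        raise ValueError(f"unknown integration(s): {sorted(unknown)}")
    granted = parse_scopes(raw_scopes)
    wanted = set().union(*(REQUIRED[i] for i in integrations))
    allowed = set(wanted)
    if allow_optional:
        for i in integrations:
            allowed |= OPTIONAL.get(i, set())
    return sorted(wanted - granted), sorted(granted - allowed)


if __name__ == "__main__":
    # Constructed sample: scopes as an admin might have pasted them for a
    # provisioning-only link (one required scope missing, two not needed).
    pasted = (
        BASE + "admin.directory.group, " + BASE + "admin.directory.user,\n"
        + BASE + "drive, " + BASE + "calendar"
    )
    missing, excess = audit(pasted, ["provisioning"])
    print("missing:", missing)
    print("excess :", excess)
```

Pass `allow_optional=True` when the Drive scope is genuinely required for the provisioning integration.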
Setting up single sign-on (SSO) with SIMS ID
Navigate to https://admin.google.com
- Security
- Set up single sign-on (SSO) with a third party IDP
Enter the fields below:
Sign-in page URL - https://sso.sims.co.uk/saml/google/emaildomain
emaildomain is the school's email domain without the full stops, i.e. greenabbey.capita.sch.uk becomes greenabbeycapitaschuk
Sign-out page URL - https://sso.sims.co.uk/saml/sloservice
Request the certificate to be uploaded from capitasoftwaresupport@capita.co.uk
Tick - Use a domain-specific user
Change password URL - https://id.sims.co.uk
Click Save