Google Cloud Identity
Google Cloud Identity
Google Cloud Identity is an identity and access management (IAM) service that enables organizations to securely manage users, devices, and app access across cloud and on-premises environments.
Creating a Google Cloud Identity connection
Create the connection by using one of the following methods:Using OAuth
Creating your connection
- In the Blink platform, navigate to the Connections page > Add connection. A New Connection dialog box opens displaying icons of external service providers available.
- Select the Google Cloud Identity icon. A dialog box with name of the connection and connection methods appear.
- (Optional) Edit the name of the connection. At a later stage you cannot edit the name.
- Click Google Cloud Identity to authenticate using OAuth.
- Sign in using your credentials.
Using Service Account
To create the connection you need:- A Credentials
- A Delegated User
- A Google Oauth 2.0 Scopes
Creating your connection
NoteThis step is only necessary if you don’t already have a service account.
- In the Google Cloud console, go to the Create service account page.
-
Enter a name in the Service account name field.
- (optional) Edit the service account ID.
- (optional) If you want to grant the service account access to the project, or to grant users access to this service account, click on Create and continue.
- Click Done to finish creating the service account.
Create a service account key
- In the Google Cloud console, go to the service account page.
- Select the service account that you want to create a key for.
- Click the Keys tab.
- From the dropdown menu, select Add key > Create new key.
- Select JSON as the key type and click Create.
- Copy the key.
Enable service account delegation in your Google Workspace
- In the Google Admin console, go to the API controls page and then click on Manage domain wide delegation.
- Add a new client to your workspace. In Client ID, use the client ID from the downloaded JSON service account from the previous step.
-
Add the following scopes:
Note #1You can adjust the scopes according to your requirements.Note #2It usually takes a few minutes for impersonation access to be granted after the client ID was added.
Creating your connection
- In the Blink platform, navigate to the Connections page > Add connection.
- Select the Google Cloud Identity icon. A dialog box with name of the connection and connection methods appear.
- (Optional) Edit the name of the connection. At a later stage you cannot edit the name.
- Select Service Account as the method to create the connection.
-
Fill in the parameters:
- Paste the JSON key into the Credentials field.
- Specify the email address of the Delegated User for which Blink will use for access.
Many actions contain a
Delegated User Overrideparameter which lets you perform specific operations on behalf of a different user. When this parameter is not specified, it will default to the one provided in the connection.
The delegated user has to be a user in the same domain. For the list of the available users, navigate to the users tab.- A comma-separatedlist of Scopes you want this connection to request. This list should not exceed the scopes you added in your domain-wide delegation.
- (Optional) Click Test Connection to test it.
- Click Create connection. The new connection appears on the Connections page.