- Navigate to the Clearlogin Admin Console (https://admin.clearlogin.com) and select Identity Sources, from the navigation bar on the left.
- Click on New Identity Source.
- Select G Suite.
- Name your new Identity Source, and select it's Priority. Once you're done, click on Save Google Identity Source.
- On the proceeding page, click on Sync Admin Account.
- You will be asked to log into your G Suite account. Follow Google's log in prompts.
Note: Best practices dictate that you use a designated service account for logging into G Suite during this step. This is to avoid losing functionality in case an administrator whose account could be used to do this has their account disabled (IE: if they leave the organization).
Click on Allow when presented with the below prompt.
Afterwards you will be brought back to the following screen on your Clearlogin dashboard.
- Congratulations, you have successfully set up a G Suite Identity source!
Note: If you are also simultaneously using G Suite Apps, then please continue reading.
Using Directory Sync
Directory Sync is a feature that is required if you are using both a G Suite Identity Source and G Suite Apps. It synchronizes G Suite Directory with Clearlogin Directory (CLD). This is necessary because without it, a login loop is created that does not allow you to access G Suite Apps. Luckily Directory Sync is very easy to use!
Note: When using Directory Sync you will actually be authenticating off of an in essence, cloned version of your G Suite Directory that's actually your CLD. You will still perform all G Suite Directory administration from it's console. Directory Sync is one-directional synchronization from a G Suite Directory to a Clearlogin Directory.
- To begin, click on the Directory Sync Settings button from your G Suite Identity Source's page.
- You will be brought to the following page.
Here is an explanation of this page:
Sync Endpoint: Select a Clearlogin Directory as the Sync Endpoint to enable sync'ing. You can add a new Clearlogin Directory here.
Automatic Sync: Run Sync automatically at regular intervals. Daily automatic sync occurs at 1AM EST.
Settings for User Creation: Set how passwords will be handled for users created during Sync.
Default password: Assign a specific password to any new users. If this is blank, new users will be assigned randomized passwords.
Email passwords to: If any users are created, select who should receive those passwords by email. The `Email addresses below` option will send the list of new users and their passwords to the specified email addresses. The 'Corresponding users' option will send an email to each new user with their randomized password.
Admin email addresses: List of comma-separated email addresses that will receive the list of new users and their passwords.
- Once you're done configuring this page make sure to click on the green Save Settings button, and you will be good to go!