This article describes how to set up the import and synchronization of users and groups from Google Workspace to SMARTFENSE. It covers creating the project in Google Cloud, configuring the consent screen, registering OAuth2 credentials, and the import options in SMARTFENSE.
The configuration is available under Users and Groups > Import and Synchronization > From Google.
Prerequisites
- The Google administrator who creates the project must have Superadmin permission.
- The administrator who configures the import in SMARTFENSE must be the same one who creates the consent screen in Google. At the end of the process, the platform will request consent validation from that same user.
- Administrator access to the SMARTFENSE instance.
Data to Obtain for SMARTFENSE
To perform the import, you will need to enter the following data in SMARTFENSE:
- Client ID
- Client Secret Key
Create the Project in Google Cloud
- Log in at
https://console.developers.google.com/project/_/apiui/apis/library. - In the top menu, select Select a project > New Project.
- Enter SMARTFENSE as the project name and click Create.
Configure the Consent Screen
- With the newly created project selected, go to APIs & Services > Credentials.
- Click Configure Consent Screen. If the option OAuth2 Overview appears, click Start.
- Enter SMARTFENSE as the application name.
- Select the User support email and click Next.
- Select Internal and click Next.
- Under Contact Information, enter the same email from step 7 and click Next.
- Accept the Google API Services User Data Policy, click Continue, then CREATE.
Create OAuth2 Credentials
- Go again to APIs & Services > Credentials.
- Click Create Credentials.
- For the type, select OAuth2 Client ID.
- For the application type, select Web Application.
- For the name, enter SMARTFENSE.
Under Authorized redirect URIs, add the following URLs, replacing
tenantwith your instance’s subdomain:https://tenant.takesecurity.com/complete/google-oauth2/https://tenant.takesecurity.com/google-oauth2callback/- Click Create.
- Copy the Client ID and paste it into SMARTFENSE in the Client ID field.
- Copy the Client Secret and paste it into SMARTFENSE in the Client Secret Key field.
- Click Accept.
Enable the Admin SDK API
- Go to APIs & Services > Library.
- Search for and enable Admin SDK API.
Validate the Configuration in SMARTFENSE
- In SMARTFENSE, click Save. The platform will request consent validation. Log in with the user who created the project in Google and allow the requested permissions.
User Configuration
Once the connection is established, define the import criteria.
Users to Import
- Import all users from the directory: imports all available users.
- Import only those belonging to specific groups: enter the group names separated by commas.
This filter allows importing only the users who are relevant to carry out your awareness program.
User Status
- Use the status defined in SMARTFENSE.
- Reflect in SMARTFENSE the status of users in Google (attribute
suspended).
Users Deleted in Google
- Keep Google deleted users without changes in SMARTFENSE.
- Deactivate Google deleted users in SMARTFENSE.
💡 Best Practices
- Ensure that the administrator creating the project in Google has Superadmin permission and is the same one who validates consent in SMARTFENSE.
- Enable the Admin SDK API before clicking Save in SMARTFENSE: without that API enabled, consent validation will fail.
- Replace
tenantwith the actual subdomain of your instance in the authorized redirect URIs. - Test the import with a subset of users before enabling periodic synchronization.
- Document the support email configured on the consent screen so the team retains it when rotating the responsible administrator.