Configuration of Google G Suite

The Snow Integration Connector for Google G Suite is used to determine the number of registered G Suite users. The connector is available in the Snow Integration Manager from version 5.8.

The configuration must be started and prepared according to Configure a SaaS connector.

Prerequisites

Credentials for a G Suite Team account with the role User management are required.

Set up a G Suite app

  1. Go to the G Suite admin console at https://gsuite.google.com/products/admin/.

  2. To sign in to the console:

    1. Select Admin console.

    2. Select or enter your G Suite Team account email address.

    3. Enter your password for the G Suite Team account.

    4. Select Next.

    The G Suite dashboard appears.

  3. Go to Security > API controls.

    Note

    API controls may be named App access control.

  4. Select Trust internal, domain-owned apps.

  5. Select Save.

  6. To verify the domain ownership inside G Suite:

    1. On the G Suite dashboard, select Verify domain.

      The Add a meta tag to your homepage dialog box appears.

    2. Copy the Meta tag value to the homepage of your website, and then select I have added the meta tag to my homepage.

    3. Select Verify.

      A message states whether the website was successfully verified.

  7. Navigate to https://console.developers.google.com and create a project.

  8. Select the project and enable Admin SDK from the API library.

  9. Go to the OAuth consent screen page in your project:

    1. For User type, select Internal, and then CREATE.

      The OAuth consent screen page appears.

    2. For Application Type, select Internal.

    3. Add Application Name.

    4. Select Add scope.

      The Add scope window appears.

    5. Select the ../auth/admin.reports.usage.readonly scope.

    6. Select Add.

    7. Select Save.

  10. Go to the Credentials page in your project.

    1. Select + Create credentials.

    2. Select OAuth Client ID.

      The OAuth Client ID page appears.

    3. In Application Type, select Web application.

    4. Enter the Name of the app.

    5. In the Authorized redirect URIs section, select + Add Uri.

    6. In URIs, enter http://localhost:8080.

    7. Select Create.

      Your Client ID and Your Client Secret are displayed in the OAuth client created window. Save these values as they are used when configuring Client ID and Client Secret in the connector.

    8. Select OK.

Configure the Google G Suite connector

In the Configure section at the bottom of Connector Configuration: SaaS:

  1. In the Client ID box, enter the value for the Client ID of the created app in Set up a G Suite app.

  2. In the Client Secret box, enter the value for Client Secret of the created app in Set up a G Suite app.

  3. In the Redirect URI box, enter the value for a redirect URI.

    Note

    The redirect URI can, for example, be http://localhost:8080 if it is not used by another application.

  4. In the Domain name box, enter the address of the G Suite connected website.

    Example 6.

    yourdomain.com



    Note

    The address of the G Suite connected website should not contain a protocol name or www. Examples of invalid entries: http://yourdomain.com, https://www.yourdomain.com, www.yourdomain.com

  5. Select Get URI.

    The All good dialog box appears.

  6. Authenticate and generate the URI for the URI from browser box: 

    1. In the All good dialog box, select OK.

      A default browser opens.

    2. Enter the credentials for your G Suite Team account and select Next.

    3. Select Allow.

      A URI appears in the browser address field.

  7. Enter the URI in the URI from browser box.

  8. Select Get token.

    A message appears saying that the token was successfully acquired.

  9. To check if the connection can be established, select Test Connection.

  10. If the connection could not be established, verify that the connector has been configured according to Step 1 to Step 8.

  11. Select the Active checkbox to allow the data to be aggregated.

  12. Select Save.
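
A pre-flight check for the values entered in step 4 (Domain name) and step 7 (URI from browser), as an added example that is not part of the Snow documentation or the connector's code. It assumes the browser URI follows the standard OAuth 2.0 redirect (a `code` parameter on success, an `error` parameter on refusal); the function names and sample values are hypothetical.

```python
from urllib.parse import urlsplit, parse_qs

def check_domain(value):
    """Problems with a Domain name box entry; an empty list means it is valid."""
    v = value.strip().lower()
    problems = []
    if "://" in v:
        problems.append("contains a protocol name")
    host = v.split("://", 1)[-1]
    if host.startswith("www."):
        problems.append("starts with www.")
    if "/" in host or "." not in host:
        problems.append("is not a bare domain name")
    return problems

def check_browser_uri(browser_uri, redirect_uri):
    """Classify the URI copied from the browser address field after Allow."""
    got, want = urlsplit(browser_uri.strip()), urlsplit(redirect_uri.strip())
    # The browser must have landed on the configured redirect URI.
    if (got.scheme, got.hostname, got.port) != (want.scheme, want.hostname, want.port):
        return "mismatch: not the configured redirect URI"
    params = parse_qs(got.query)
    if "error" in params:        # OAuth 2.0 error response, e.g. consent refused
        return "denied: " + params["error"][0]
    if not params.get("code"):   # assumption: a success redirect carries ?code=...
        return "incomplete: no authorization code in the URI"
    return "ok"

# Constructed sample values, not taken from a real tenant.
REDIRECT = "http://localhost:8080"
SAMPLE_URIS = [
    "http://localhost:8080/?code=CONSTRUCTED-SAMPLE-CODE",
    "http://localhost:8080/?error=access_denied",
    "https://accounts.google.com/",
    "http://localhost:8080/",
]

if __name__ == "__main__":
    for d in ("yourdomain.com", "https://www.yourdomain.com", "www.yourdomain.com"):
        print(d, "->", check_domain(d) or "valid")
    for u in SAMPLE_URIS:
        print(u, "->", check_browser_uri(u, REDIRECT))
```

The URI copied from the browser contains a one-time authorization code, so handle it like a credential and keep it out of tickets, chat and screenshots.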

Note

Version 5.8 of Snow Integration Manager fetches only the last login time for Google G Suite accounts. The last login time is set as the last activity time for Google G Suite account users. However, if a user actively uses Gmail through a POP or IMAP email client, the last login time is not tracked in Snow Integration Manager 5.8. Therefore, active users can be flagged as inactive if they do not log in to the Google G Suite website.

Snow Integration Manager 5.9 and later versions fetch the last email interaction time for Google G Suite users, which provides more accurate data. However, a token acquired in Snow Integration Manager 5.8 does not provide enough permission to fetch the email activity report. This can be a problem if the Snow Integration Manager user has scheduled a Google G Suite aggregation using Snow Integration Manager 5.8 and upgraded to Snow Integration Manager 5.9 before the aggregation starts. To solve this, perform Step 5 to Step 9 to fetch a new token. The new token will have enough permissions to fetch the email usage report.