This article applies to organisations with a 'Hybrid' setup (both On-Premise Appliance and Cloud), as well as On-Premise only and Cloud only setups.
You can add a Google Directory to your list of Directories to manage groups of users for your policies.
Before you begin
- Create a Google Workspace service account. Ensure you turn on the Admin SDK API, and note down the Client secret/Credential file.
- If you have multiple Google Workspace domains, Ensure each has a different Super admin user account. If the same account attempts to synchronise multiple domains at the same time, you may exceed your Google API quota and rate limits.
- Ensure no firewall policies would block the Internet Control Message Protocol (ICMP).
- To prevent syncing issues, ensure the time on your Smoothwall matches the time in your Google Workspace domain.
Hybrid setup (both Cloud and On-Premise Appliance)
If you have a ‘Hybrid’ setup (both Cloud and an On-Premise Appliance), you must add your Google directory in your On-Premise Appliance because:
- Google directories added in Cloud only exist in Cloud and are not synced to the On-Premise Appliance.
- Google directories added in the On-Premise Appliance will sync to Cloud.
Since deleting a directory in the On-Premise Appliance will not delete the directory in Cloud, and you can’t delete directories in Cloud, you would need to:
- Delete the directory in your On-Premise Appliance.
- Contact Smoothwall Support to request that we delete the directory from Cloud.
On-Premise Appliance
Add a Google directory
- Go to Services > Authentication > Directories.
- Select Add new directory.
- If you have a ‘Hybrid’ setup (both Cloud and On-Premise Appliance), you’ll see a Directory in Cloud Portal field. Select Enabled to push the directory setup from On-Premise Appliance to Cloud. If you don’t select this checkbox, the directory will exist in On-Premise Appliance only.
- If you are in a multi-tenant environment, select the tenant.
- Select the Type as Google.
- You can use the default name of Google, or change it to your preferred name.
- For the Client secrets file, select Choose file and select the Service Account JSON file.
- In the Domain field, enter your Google Workspace.
- In the Administrative user field, add the email username for the Super admin for your Google Workspace (the one that set up the Google Workspace service account).
- (Optional) Enter a descriptive comment.
- Select Add.
Your Google directory will sync automatically with your On-Premise appliance during the next night. If you want to sync immediately, you can run a manual sync. Once the sync with the On-Premise appliance is finished, you will also see the directory in Cloud.
Sync a Google directory
If you make a change in Google Workspace, you must manually sync with your On-Premise appliance to update it. Syncing with your On-Premise appliance can take up to 2 hours depending on the size of your directory.
- Go to Services > Authentication > Directories.
- Hover over the directory and select Sync.
If you have a ‘Hybrid’ setup, the changes will be pushed to Cloud.
Edit or delete a Google directory
- Go to Services > Authentication > Directories.
- Hover over the directory and select Edit or Delete.
When editing, you can choose to deselect the Enabled box to keep the directory but not use it in Smoothwall.
Cloud
Add a Google directory
- Go to Admin Panel > Directories.
- Select Add directory.
- Select Google, then Confirm.
- Enter a name for your directory.
- If you are in a multi-tenant environment, select All tenants, or Selected tenants and specify the tenant(s).
- In the Username field, enter the email username for the Super admin for your Google Workspace (the one that set up the Google Workspace service account).
- For Your credential file, select Browse Files and select your Service Account JSON file.
- Select Save.
Your Google directory will sync automatically with Cloud during the next night. If you want to sync immediately, you can run a manual sync.
Sync a Google directory
If you make a change in Google Workspace, you must manually sync with your Smoothwall Cloud to update it. Syncing with Cloud can take up to 10 minutes depending on the size of your directory.
- Go to Admin Panel > Directories.
- Select the directory and select Sync Directory.
Edit or delete a Google directory
- Go to Admin Panel > Directories.
- Select the directory from the list to edit it.
Contact Smoothwall Support if you want to delete a directory from Cloud, or keep the directory but not use it in Smoothwall.
Next step
You must map your Directory User Groups to the Smoothwall User Groups to authenticate users and apply Web Filter Policies.