This article applies to organisations with a 'Hybrid' setup (both On-Premise Appliance and Cloud), as well as On-Premise only and Cloud only setups.
You can add a Google Directory to your list of Directories to manage groups of users for your policies.
Before you begin
- Create a Google Workspace service account. Ensure you turn on the Admin SDK API, and note down the Client secret/Credential file.
- If you have multiple Google Workspace domains, Ensure each has a different Super admin user account. If the same account attempts to synchronise multiple domains at the same time, you may exceed your Google API quota and rate limits.
- Ensure no firewall policies would block the Internet Control Message Protocol (ICMP).
- To prevent syncing issues, ensure the time on your Smoothwall matches the time in your Google Workspace domain.
Hybrid setup (both Cloud and On-Premise Appliance)
Add, sync or edit a Google directory
You can’t add Directories in the Cloud Portal in most Hybrid setups. This is because Cloud and Appliance can’t sync directory setups and mapped groups with each other. You should follow the instructions for the On-Premise Appliance unless you need a Google Directory that only exists in your Cloud Portal.
Contact Smoothwall Support if you need to create a Directory that only exists in the Cloud Portal in your Hybrid setup.
If we turn on this setting, you can add and edit Google Directories from either portal, but they won’t be synced.
Delete a Google directory
Follow the instructions for Appliance unless you have created a directory in your Cloud Portal.
If you have created a directory in your Cloud Portal:
- Delete the directory in your On-Premise Appliance.
- Contact Smoothwall Support to delete the directory from your Cloud Portal.
On-Premise Appliance
Add a Google directory
- Go to Services > Authentication > Directories.
- Select Add new directory.
- If you have a ‘Hybrid’ setup (both Cloud and On-Premise Appliance), you’ll see a Directory in Cloud Portal field. Select Enabled to push the directory setup from On-Premise Appliance to Cloud. If you don’t select this checkbox, the directory will exist in On-Premise Appliance only.
- If you are in a multi-tenant environment, select the tenant.
- Select the Type as Google.
- You can use the default name of Google, or change it to your preferred name.
- For the Client secrets file, select Choose file and select the Service Account JSON file.
- In the Domain field, enter your Google Workspace.
- In the Administrative user field, add the email username for the Super admin for your Google Workspace (the one that set up the Google Workspace service account).
- (Optional) Enter a descriptive comment.
- Select Add.
Your Google directory will sync automatically with your On-Premise appliance during the next night. If you want to sync immediately, you can run a manual sync. Once the sync with the On-Premise appliance is finished, you will also see the directory in Cloud.
Sync a Google directory
If you make a change in Google Workspace, you must manually sync with your On-Premise appliance to update it. Syncing with your On-Premise appliance can take up to 2 hours depending on the size of your directory. This will automatically happen overnight, or you can do it manually:
- Go to Services > Authentication > Directories.
- Hover over the directory and select Sync.
If you have a ‘Hybrid’ setup, the changes will be pushed to Cloud.
Edit or delete a Google directory
- Go to Services > Authentication > Directories.
- Hover over the directory and select Edit or Delete.
When editing, you can choose to deselect the Enabled box to keep the directory but not use it in Smoothwall.
Cloud
Add a Google directory
- Go to Admin Panel > Directories.
- Select Add directory.
- Select Google, then Confirm.
- Enter a name for your directory.
- If you are in a multi-tenant environment, select All tenants, or Selected tenants and specify the tenant(s).
- In the Username field, enter the email username for the Super admin for your Google Workspace (the one that set up the Google Workspace service account).
- For Your credential file, select Browse Files and select your Service Account JSON file.
- Select Save.
Your Google directory will sync automatically with Cloud during the next night. If you want to sync immediately, you can run a manual sync.
Sync a Google directory
If you make a change in Google Workspace, you must manually sync with your Smoothwall Cloud to update it. Syncing with Cloud can take up to 10 minutes depending on the size of your directory.
- Go to Admin Panel > Directories.
- Select the directory and select Sync Directory.
Edit or delete a Google directory
- Go to Admin Panel > Directories.
- Select the directory from the list to edit it.
Contact Smoothwall Support if you want to delete a directory from Cloud, or keep the directory but not use it in Smoothwall.
Next step
You must map your Directory User Groups to the Smoothwall User Groups to authenticate users and apply Web Filter Policies.