Not all Google APIs support standard OAuth 2.0 authentication. The Google Cloud Identity API requires Google Session-based credentials to be added to Oomnitza. Google Session-based credentials use the RSA SHA-256 algorithm and the JWT token format. A Service Account requires an email address and private key credential, rather than a client_id and client_secret.
Prerequisites
Before adding your session-based credentials for use in Oomnitza, ensure you have completed the following steps:
- Create a Google Service Account and Key:
  - Follow the steps in Google Identity API Documentation: Creating a service account.
  - At the end of this task, you should have a JSON file downloaded to your machine. This JSON file contains your Private Key ID and Private Key, which you will need to add to Oomnitza.
- Delegate Domain-Wide Authority to the Service Account:
  - Follow the steps in the Google Identity API Documentation: Delegating domain-wide authority to the service account.
  - You will need to add the Client ID obtained from the downloaded JSON file and the following scope: https://www.googleapis.com/auth/cloud-identity.
- Enable the Cloud Identity API:
  - Enable the Cloud Identity API by following the steps in Google API Console Help: Enable and disable APIs.
Adding the credentials
Required information
- The Service Account Email or email address associated with the user who created the Service Account. This would adhere to the following format or similar: user.iam.gserviceaccount.com.
- The Service Account User Email is the email address of the Google domain administrator. This would adhere to the following format or similar: admin@company.com
- The following scope: https://www.googleapis.com/auth/cloud-identity
- The Private Key ID and Private Key taken from the JSON file you generated.
Note
You do not need to use the cloud-identity scope exclusively. There are other options available in the documentation. Refer to the Google Cloud Identity: Device List API.
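How the required values map onto the RS256-signed JWT used by Google's service-account flow, as an added example (not Oomnitza's or Google's code): it checks a downloaded key file and builds the header and claim set that the private key signs. The function names and the sample key contents are assumptions made up for illustration.

```python
import base64
import json
import time

TOKEN_URI = "https://oauth2.googleapis.com/token"  # "aud" Google expects
SCOPE = "https://www.googleapis.com/auth/cloud-identity"
REQUIRED = ("type", "private_key_id", "private_key", "client_email", "client_id")

def check_key_file(key):
    """Return a list of problems in a parsed service-account JSON key."""
    problems = ["missing field: " + f for f in REQUIRED if not key.get(f)]
    if key.get("type") != "service_account":
        problems.append("type is not 'service_account'")
    if not str(key.get("client_email", "")).endswith(".gserviceaccount.com"):
        problems.append("client_email is not a service account address")
    if "BEGIN PRIVATE KEY" not in str(key.get("private_key", "")):
        problems.append("private_key is not a PEM private key")
    return problems

def _b64url(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def decode_segment(segment):
    """Decode one base64url JWT segment back to a dict for inspection."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def build_signing_input(key, admin_email, scope=SCOPE, now=None, lifetime=3600):
    """Return 'header.claims', the string the private key signs with RS256."""
    now = int(time.time()) if now is None else now
    header = {"alg": "RS256", "typ": "JWT", "kid": key["private_key_id"]}
    claims = {
        "iss": key["client_email"],  # Service Account Email
        "sub": admin_email,          # Service Account User Email (delegated admin)
        "scope": scope,              # space-separated if more than one
        "aud": TOKEN_URI,
        "iat": now,
        "exp": now + lifetime,       # Google allows at most one hour
    }
    return _b64url(header) + "." + _b64url(claims)

SAMPLE_KEY = {  # constructed sample; every value is a placeholder, not a real key
    "type": "service_account",
    "private_key_id": "0123456789abcdef",
    "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
    "client_email": "oomnitza-sync@example-project.iam.gserviceaccount.com",
    "client_id": "100000000000000000000",
}
```

Running `check_key_file` on the parsed JSON before entering the values catches a wrong credential type or a truncated key without the private key ever being printed.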
Steps
To add your Google Session-based credentials in Oomnitza, complete the following steps:
- In Oomnitza, click Configuration > Security > Credentials.
- Click Add new credential (+).
- Search for the integration, and then click the forward button > to select the integration.
- Enter your session-based credentials and any other additional information.
- Click CREATE.
Information
If the integration is not listed, click Advanced Mode, and add your credentials.
- Add the information details.
- Click the AUTHORIZATION tab.
- Ensure that Session Based is selected from the Authorization Type list.
- Ensure that Google is selected from the SaaS list.
- Enter the required information.
- Click Create.
Documentation Links
For further information please consult the links below: