Integrating Google Workspace with Sana enhances organizational efficiency by automating user provisioning and improving data synchronization. This guide outlines the essential steps to set up this integration, from creating a Google Cloud project to generating keys for secure data exchange between Google Workspace and Sana LMS.
๐ก To follow the below steps, you must have super-admin access on your organization's Google Workspace account.
How to set up Google Workspace User Provisioning
Step 1: Create a project
Go to Google Cloud and sign in as a super administrator. If it's your first time signing in to the console, agree to the Terms of Service.
Click IAM & Admin > Manage Resources. You might have to click Menu first.
At the top, click Create Project and enter a project name.
(Optional) To add the project to a folder, for Location, click Browse, navigate to the folder, and click Select.
Click Create.
By default, only the creator of the project has rights to manage the project. To ensure the project can be maintained if the creator leaves the organization, you should assign at least one other person the role of Project Owner. For details, go to Manage access to projects, folders, and organizations.
Step 2: Create a service account
In the Google Cloud console, go to Menu > APIs & Services > Credentials.
Click Create service account.
You'll now need to fill in the service account details, then click Create and continue. You can set the Service account name to 'Sana Integration' and it will auto populate a unique ID. By default, Google creates a unique service account ID.
After completing the first part, you'll need to set the following fields:
Grant this service account access to the project - Admin
(Optional) Enter users or groups that can manage and perform actions with this service account
Step 3: Delegating domain-wide authority to the service account
Using a Google Workspace account, a Workspace administrator of the organization can authorize an application to access Workspace user data on behalf of users in the Google Workspace domain. For example, an application that uses the Google Calendar API to add events to the calendars of all users in a Google Workspace domain would use a service account to access the Google Calendar API on behalf of users. Authorizing a service account to access data on behalf of users in a domain is sometimes referred to as "delegating domain-wide authority" to a service account.
From your Google Workspace domain's Admin console, go to Main menu > Security > Access and data control > API Controls.
In the Domain wide delegation pane, select Manage Domain Wide Delegation.
Click Add new.
In the Client ID field, enter the service account's Client ID we created from Part 2. You can also find your service account's client ID in the Service Accounts Page.
For the OAuth scopes, you must include the following:
Step 4: Turn on the APIs for the service account
Click APIs & Services > Library. You might have to click Menu first.
Enable Admin SDK API as seen below.
Step 5: Generate Keys
Go to the Service AccountsPage, look for the service account we've created and click on the Settings > Manage Keys > Add Key > Create new key.
Make sure the key type is set to JSON and click Create.
Once you've created the key, the file will automatically be downloaded to your computer. Kindly reach out to your Sana Engagement Manager or Sana Integrations Specialist to provide you with the next steps to securely share the file.