Integrate the G Suite Identity Service

The G Suite identity service feature is an enhancement to the Cisco Umbrella Chromebook client. The G Suite identity service adds the G Suite Organizational Units (OUs) and G Suite Users to the Secure Access policy. For more information, see G Suite Identity Service.

Table of Contents

• Known Limitations
• Prerequisites
• Procedure

Known Limitations

• G Suite identities-based policy and enforcement is supported only on Chromebooks with Umbrella Chromebook client software.
• Google OU and User information updates can take up to 60 mins to appear in the Cisco Secure Access dashboard.
• New Umbrella Chromebook client customers onboarding with the G Suite identity service for more than 250K identities must create a support case at [email protected]. A support case is not required for existing G Suite users.
• G Suite Groups are not supported for import to Secure Access. Only G Suite Users and OUs can be imported.

Prerequisites

• The G Suite administrator account must have full administrative privileges on the Secure Access dashboard.

Procedure

Enabling the G Suite identity service for the Umbrella Chromebook client requires the following steps:

• Step 1: Update the Chromebook Client Configuration
• Step 2: Install the Cisco Umbrella Authorizer App
• Step 3: Enter Your G Suite Super Administrator ID in the Secure Access Dashboard

Step 1: Update the Chromebook Client Configuration

1. In the Chromebook client configuration file that you downloaded in Deploy the Chromebook Client, set the Value field in googleDirectoryService to true. Save the configuration file.

{  
  "organizationInfo":{  
     "Value":{  
        "organizationId":1234567,
        "regToken":"GtTYPQfgSzQtGzYUrINmbjgTu5XriDtn"
     }
  },
  "vaIPs":{  
     "Value":[  
        "192.168.100.10",
        "192.168.100.11"
     ]
  },
  "googleDirectoryService": {
   	 "Value": true
  }
}

Step 2: Install the Cisco Umbrella Authorizer App

The Cisco Umbrella Authorizer application authorizes the scopes needed by Secure Access to retrieve information from your G Suite account. The Authorizer application needs to be installed at the parent domain level and not at the OU level because this will cause synchronization issues.

1. Open your G Suite administration console, using the G Suite super administrator ID.
2. Navigate to the Umbrella Authorizer app in the Google Workspace Marketplace.

3. Click Domain Install and in the dialog that appears, click Accept.

You can review detailed information about the scopes required by the Cisco Umbrella Authorizer app.

Step 3: Enter Your G Suite Super Administrator ID in the Secure Access Dashboard

1. Navigate to Deployments > Core Identities > Chromebook Users and click Download.

2. Click Sign In and in the dialog that appears, select the super administrator account.

3. Sign in to sync your G Suite identities with Umbrella. A sync can take up to 60 minutes.
   After the sync, the Secure Access Policies page displays the G Suite identities: G Suite OUs and G Suite Users.

Remove Cisco Chromebook Client Software < Integrate the G Suite Identity Service > Chromebook Client FAQ