# Google Cloud Identity

### **Overview**

MangoApps supports integration with Google Cloud Identity as an SSO provider using LDAP. This integration allows user and group synchronization between Google Cloud Identity and MangoApps, eliminating the need for complex on-premise Active Directory setups.

<figure><img src="https://1627138357-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LjKbJ2ssjhlUZRcGOXW%2Fuploads%2Fgyaj6nXuPSFDVjNqtvsy%2Fgoogle-cloud-logo.png?alt=media&#x26;token=c896b7f8-8927-4302-abd5-67e0688aff8d" alt="" width="545"><figcaption></figcaption></figure>

This configuration saves IT overhead and enhances user management efficiency for enterprises already leveraging Google’s cloud infrastructure.

***

### **Required Roles**

To set up and manage this integration, the following roles are required:

* **Google Cloud Identity Admin:** Responsible for configuring the LDAP client within the Google Admin Console.
* **MangoApps Network Admin:** Required to access the MangoApps Admin Portal to complete the LDAP connection setup and sync configuration.

Ensure that both roles have the necessary access permissions in their respective platforms before proceeding.

***

### **Google Admin Console Side Setup**

Log in to the Google Admin Console at [admin.google.com](https://admin.google.com) using a Google Cloud Identity Admin account.

Navigate to `Apps > LDAP > Add Client`.

<figure><img src="https://1627138357-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LjKbJ2ssjhlUZRcGOXW%2Fuploads%2FvsQ8CemzUCHzOugIDqhT%2Ferghsaea.png?alt=media&#x26;token=8ef9ead2-2984-4587-9c12-26bbd2e03d42" alt="" width="563"><figcaption></figcaption></figure>

Provide a **Client Name** and **Description**.

<figure><img src="https://1627138357-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LjKbJ2ssjhlUZRcGOXW%2Fuploads%2FydpZSQOtJqWe2569PPUd%2Fsrthfsghdf.png?alt=media&#x26;token=cded2566-0b86-4dd3-b1aa-5b847fb56b9c" alt=""><figcaption></figcaption></figure>

**Set Access Permissions**

* **Verify User's Credentials:** Select **Entire Domain**.
* **Read User's Information:** Select **Entire Domain**.
* **Attributes Access:** Choose **System attributes**, **Public Custom**, and **Private Custom**.

<figure><img src="https://1627138357-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LjKbJ2ssjhlUZRcGOXW%2Fuploads%2F4nGZAlwdGpgMfZDwb2pL%2Ffsdfsdf.png?alt=media&#x26;token=4ae79382-7b5c-4819-86a1-6a9ad1bcfedf" alt="" width="563"><figcaption></figcaption></figure>

* **Enable Group Access:** Toggle on the **Read Group Information** setting.

Finally, click the **Add LDAP Client** button.

**Download Certificate**

* Download the automatically generated certificate.
* Click **Continue to Client Details**.

<figure><img src="https://1627138357-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LjKbJ2ssjhlUZRcGOXW%2Fuploads%2FT3mgrFwJ2d1ans46ODpu%2Frhfgfbfd.png?alt=media&#x26;token=176c5ab9-0e22-45a3-90b0-8d2d009c4c50" alt="" width="563"><figcaption></figcaption></figure>

**Generate Credentials**

Go to `Apps > LDAP > Settings > Authentication` and generate new credentials for authentication.

<figure><img src="https://1627138357-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LjKbJ2ssjhlUZRcGOXW%2Fuploads%2Fv1Ll6VeKNH8dlW6tNix4%2Frgfdsfgdxcvx.png?alt=media&#x26;token=4460893e-05fd-4df6-ba21-d65484b8d529" alt="" width="563"><figcaption></figcaption></figure>

**Enable Service**

Go to the **Status Service**, select **ON for everyone**, and click **Save**.

<figure><img src="https://1627138357-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LjKbJ2ssjhlUZRcGOXW%2Fuploads%2Fbtkt5pPial0OkOHzhKjT%2Fgrser.png?alt=media&#x26;token=3e5980ec-9890-4600-aa0f-016db387cdc5" alt="" width="548"><figcaption></figcaption></figure>

***

### **MangoApps Side Setup**

Log in to the MangoApps Admin Portal and navigate to `Admin Portal > SSO > Connection > Active Directory/LDAP`. Toggle on **Active Directory LDAP Integration**.

<figure><img src="https://1627138357-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LjKbJ2ssjhlUZRcGOXW%2Fuploads%2Fi9LjchnqWpZnHRDlghDg%2F27-05-2025-02-40-15.png?alt=media&#x26;token=94606d7d-4e38-429b-85bb-f018aa6b5a3c" alt="" width="563"><figcaption></figcaption></figure>

Configure server settings as follows:

* **Server Type:** Select **Google LDAP** from the dropdown.
* **Host & Port:** Enter the values provided by your LDAP configuration.
* **Group DN & Base DN:** Enter the names required.
* **Certificate:** Upload the certificate downloaded from the Google Admin Console.
* **Login Details:** Enter the username and password generated earlier.

Click **Test Connection** to verify.

***

**Configure User Mapping**

Set up user attribute mappings to sync profile data.

<figure><img src="https://1627138357-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LjKbJ2ssjhlUZRcGOXW%2Fuploads%2F5D05KnNw66Hp5oQ28tyr%2F27-05-2025-02-48-17.png?alt=media&#x26;token=a55a86b7-61f0-4407-aafb-c3ad0b465920" alt="" width="563"><figcaption></figcaption></figure>

Choose between **Scheduled Sync** or **Just-In-Time (JIT) Sync** and use **User Object Filters** to define which users should be synced.

***

**Configure Group Mapping**

Enable **Group Sync** by checking the box and use **Group Object Filters** to specify which groups to sync.

<figure><img src="https://1627138357-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LjKbJ2ssjhlUZRcGOXW%2Fuploads%2FLAAPbAeZkoURcl7r7eml%2F27-05-2025-02-55-19.png?alt=media&#x26;token=56e865b0-d145-4ddd-958c-b0426a39c5e6" alt="" width="563"><figcaption></figcaption></figure>

Map group attributes and apply **Group Membership Rules** to automate user assignment.

Click **Save Settings**.

Use the **Preview & Synchronize** option to view a list of users and groups that meet your filters.

***

### **Testing Considerations**

Before a full rollout:

* Use **Preview & Synchronize** to verify user and group data being pulled from Google Cloud Identity.
* Test **login behavior** with a subset of users to confirm credentials and group-based access policies.
* Confirm that changes in user profiles or group memberships in Google are reflected in MangoApps through sync.

***

### **Security Considerations**

* **Data Security:** All communication between MangoApps and Google LDAP is secured via SSL using the downloaded certificate.
* **Access Control:** Use filters to limit synchronization to only necessary users and groups.
* **Credential Handling:** Use system-generated credentials from the Google Admin Console to ensure secure authentication.
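
The **Access Control** point above, like the **User Object Filters** and **Group Object Filters** fields, depends on LDAP search filters that match only the intended entries. The following added example (not MangoApps or Google code) builds group-scoped filters with RFC 4514 and RFC 4515 escaping so that a group name containing filter metacharacters cannot widen the sync scope. It assumes the filter fields accept standard LDAP filter syntax and that the directory exposes `memberOf`, `inetOrgPerson` and `groupOfNames`; all group names and DNs are constructed.

```python
# Added example. Group names, DNs and object classes below are constructed
# assumptions; substitute the values from your own directory.

def escape_dn_value(value: str) -> str:
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;':
            out.append("\\" + ch)
        elif (ch == "#" and i == 0) or (ch == " " and i in (0, len(value) - 1)):
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        else:
            out.append(ch)
    return "".join(out)

def escape_filter_value(value: str) -> str:
    """Escape an assertion value for use inside a search filter (RFC 4515)."""
    table = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    return "".join(table.get(ch, ch) for ch in value)

def user_filter(group_cns, groups_base):
    """Match only person entries that belong to at least one allowed group."""
    if not group_cns:
        raise ValueError("refusing to build an unscoped user filter")
    clauses = []
    for cn in group_cns:
        dn = f"cn={escape_dn_value(cn)},{groups_base}"  # DN escaping first
        clauses.append(f"(memberOf={escape_filter_value(dn)})")  # then filter escaping
    return f"(&(objectClass=inetOrgPerson)(|{''.join(clauses)}))"

def group_filter(group_cns):
    """Match only the named groups, never every group in the directory."""
    if not group_cns:
        raise ValueError("refusing to build an unscoped group filter")
    names = "".join(f"(cn={escape_filter_value(cn)})" for cn in group_cns)
    return f"(&(objectClass=groupOfNames)(|{names}))"

if __name__ == "__main__":
    allowed = ["mango-users", "Sales, EMEA"]  # constructed group names
    base = "ou=Groups,dc=example,dc=com"      # constructed base DN
    print(user_filter(allowed, base))
    print(group_filter(allowed))
```

Paste the printed filters into the corresponding filter fields, then confirm the matched set with **Preview & Synchronize** before saving.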

***

### **End User Experience**

For end users, this integration provides:

* **Single Sign-On (SSO):** Users log in to MangoApps using their Google Cloud Identity credentials.
* **Seamless Access:** Automatically gain access to appropriate teams and projects based on group memberships.
* **Up-to-Date Profiles:** Profile information like job title, department, and contact details remain consistent across platforms.

No additional configuration is needed on the user's end.

***

### **Rollout Recommendations**

To ensure a smooth transition:

* Begin with a small user group to validate the integration.
* Provide internal guides to explain the new login process.
* Have IT support available during rollout to address any access issues.
* Roll out to departments or regions in phases if your organization is large.

