Google Cloud Identity
MangoApps supports integration with Google Cloud Identity as an SSO provider using LDAP. This integration allows user and group synchronization between Google Cloud Identity and MangoApps, eliminating the need for complex on-premise Active Directory setups.
This configuration saves IT overhead and enhances user management efficiency for enterprises already leveraging Google’s cloud infrastructure.
To set up and manage this integration, the following roles are required:
Google Cloud Identity Admin: Responsible for configuring the LDAP client within the Google Admin Console.
MangoApps Network Admin: Required to access the MangoApps Admin Portal to complete the LDAP connection setup and sync configuration.
Ensure that both roles have the necessary access permissions in their respective platforms before proceeding.
Navigate to Apps > LDAP > Add Client.
Provide a Client Name and Description.
Set Access Permissions
Verify User's Credentials: Select Entire Domain.
Read User's Information: Select Entire Domain.
Attributes Access: Choose System attributes, Public Custom, and Private Custom.
Enable Group Access: Toggle on the Read Group Information setting.
Finally, click the Add LDAP Client button.
Download Certificate
Download the automatically generated certificate.
Click Continue to Client Details.
Generate Credentials
Go to Apps > LDAP > Settings > Authentication and generate new credentials for authentication.
Enable Service
Go to the Status Service, select ON for everyone, and click Save.
Log in to the MangoApps Admin Portal and navigate to Admin Portal > SSO > Connection > Active Directory/LDAP. Toggle on Active Directory LDAP Integration.
Configure server settings as follows:
Server Type: Select Google LDAP from the dropdown.
Host & Port: Enter the values provided by your LDAP configuration.
Group DN & Base DN: Enter the names required.
Certificate: Upload the certificate downloaded from the Google Admin Console.
Login Details: Enter the username and password generated earlier.
Click Test Connection to verify.
Configure User Mapping
Set up user attribute mappings to sync profile data.
Choose between Scheduled Sync or Just-In-Time (JIT) Sync and use User Object Filters to define which users should be synced.
Configure Group Mapping
Enable Group Sync by checking the box and use Group Object Filters to specify which groups to sync.
Map group attributes and apply Group Membership Rules to automate user assignment.
Click Save Settings.
Use the Preview & Synchronize option to view a list of users and groups that meet your filters.
Before a full rollout:
Use Preview & Synchronize to verify user and group data being pulled from Google Cloud Identity.
Test login behavior with a subset of users to confirm credentials and group-based access policies.
Confirm that changes in user profiles or group memberships in Google are reflected in MangoApps through sync.
Data Security: All communication between MangoApps and Google LDAP is secured via SSL using the downloaded certificate.
Access Control: Use filters to limit synchronization to only necessary users and groups.
Credential Handling: Use system-generated credentials from the Google Admin Console to ensure secure authentication.
Audit Logs: Monitor LDAP sync activities through MangoApps admin logs for transparency.
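One way to draft a narrowly scoped User Object Filter and check what it selects before running Preview & Synchronize, as an added example that is not MangoApps or Google code. It assumes the filter field accepts standard LDAP (RFC 4515) filter syntax and that the directory exposes `objectClass=inetOrgPerson` and `memberOf`; the group DNs and directory entries are constructed.

```python
# Added example: drafts a least-privilege user filter. All DNs and entries
# below are constructed; attribute names are assumptions about the directory.

def escape_filter_value(value: str) -> str:
    """Escape RFC 4515 special characters so a group name cannot alter the filter."""
    out = []
    for ch in value:
        if ch in '\\*()\x00':
            out.append('\\%02x' % ord(ch))
        else:
            out.append(ch)
    return ''.join(out)


def build_user_filter(group_dns, object_class='inetOrgPerson'):
    """AND the object class with an OR over the allowed groups' memberOf values."""
    if not group_dns:
        raise ValueError('refusing to build a filter that matches every user')
    members = ''.join('(memberOf=%s)' % escape_filter_value(dn) for dn in group_dns)
    return '(&(objectClass=%s)(|%s))' % (escape_filter_value(object_class), members)


def preview(entries, group_dns, object_class='inetOrgPerson'):
    """Return the uids the filter above would select (DN match is case-insensitive)."""
    allowed = {dn.lower() for dn in group_dns}
    selected = []
    for e in entries:
        classes = {c.lower() for c in e.get('objectClass', [])}
        groups = {g.lower() for g in e.get('memberOf', [])}
        if object_class.lower() in classes and groups & allowed:
            selected.append(e['uid'])
    return selected


ALLOWED_GROUPS = [  # constructed group DNs
    'cn=mangoapps-users,ou=Groups,dc=example,dc=com',
    'cn=Sales (EMEA),ou=Groups,dc=example,dc=com',
]
SAMPLE_ENTRIES = [  # constructed directory entries
    {'uid': 'alice', 'objectClass': ['inetOrgPerson'],
     'memberOf': ['cn=mangoapps-users,ou=Groups,dc=example,dc=com']},
    {'uid': 'bob', 'objectClass': ['inetOrgPerson'],
     'memberOf': ['cn=contractors,ou=Groups,dc=example,dc=com']},
    {'uid': 'carol', 'objectClass': ['inetOrgPerson'],
     'memberOf': ['CN=Sales (EMEA),OU=Groups,DC=example,DC=com']},
]

if __name__ == '__main__':
    print(build_user_filter(ALLOWED_GROUPS))
    print(preview(SAMPLE_ENTRIES, ALLOWED_GROUPS))
```

Comparing the list returned by `preview` with the intended user population is the same check Preview & Synchronize performs against the live directory; an account such as the constructed `bob` appearing there means the filter is too broad.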
For end users, this integration provides:
Single Sign-On (SSO): Users log in to MangoApps using their Google Cloud Identity credentials.
Seamless Access: Automatically gain access to appropriate teams and projects based on group memberships.
Up-to-Date Profiles: Profile information like job title, department, and contact details remain consistent across platforms.
No additional configuration is needed on the user's end.
To ensure a smooth transition:
Begin with a small user group to validate the integration.
Provide internal guides to explain the new login process.
Have IT support available during rollout to address any access issues.
Roll out to departments or regions in phases if your organization is large.
Log in to Google Admin Console from here: . Log in using a Google Cloud Identity Admin account.