Google Cloud Identity

Overview

MangoApps supports integration with Google Cloud Identity as an SSO provider using LDAP. This integration allows user and group synchronization between Google Cloud Identity and MangoApps, eliminating the need for complex on-premise Active Directory setups.

This configuration saves IT overhead and enhances user management efficiency for enterprises already leveraging Google’s cloud infrastructure.


Required Roles

To set up and manage this integration, the following roles are required:

  • Google Cloud Identity Admin: Responsible for configuring the LDAP client within the Google Admin Console.

  • MangoApps Network Admin: Required to access the MangoApps Admin Portal to complete the LDAP connection setup and sync configuration.

Ensure that both roles have the necessary access permissions in their respective platforms before proceeding.


Google Admin Console Side Setup

Log in to the Google Admin Console at admin.google.com using a Google Cloud Identity Admin account.

Navigate to Apps > LDAP > Add Client.

Provide a Client Name and Description.

Set Access Permissions

  • Verify User's Credentials: Select Entire Domain.

  • Read User's Information: Select Entire Domain.

  • Attributes Access: Choose System attributes, Public Custom, and Private Custom.

  • Enable Group Access: Toggle on the Read Group Information setting.

Finally, click the Add LDAP Client button.

Download Certificate

  • Download the automatically generated certificate.

  • Click Continue to Client Details.

Generate Credentials

Go to Apps > LDAP > Settings > Authentication and generate new credentials for authentication.

Enable Service

Go to the Status Service, select ON for everyone, and click Save.


MangoApps Side Setup

Log in to the MangoApps Admin Portal and navigate to Admin Portal > SSO > Connection > Active Directory/LDAP. Toggle on Active Directory LDAP Integration.

Configure server settings as follows:

  • Server Type: Select Google LDAP from the dropdown.

  • Host & Port: Enter the values provided by your LDAP configuration.

  • Group DN & Base DN: Enter the names required.

  • Certificate: Upload the certificate downloaded from the Google Admin Console.

  • Login Details: Enter the username and password generated earlier.

Click Test Connection to verify.


Configure User Mapping

Set up user attribute mappings to sync profile data.

Choose between Scheduled Sync or Just-In-Time (JIT) Sync and use User Object Filters to define which users should be synced.


Configure Group Mapping

Enable Group Sync by checking the box and use Group Object Filters to specify which groups to sync.

Map group attributes and apply Group Membership Rules to automate user assignment.

Click Save Settings.

Use the Preview & Synchronize option to view a list of users and groups that meet your filters.


Testing Considerations

Before a full rollout:

  • Use Preview & Synchronize to verify user and group data being pulled from Google Cloud Identity.

  • Test login behavior with a subset of users to confirm credentials and group-based access policies.

  • Confirm that changes in user profiles or group memberships in Google are reflected in MangoApps through sync.


Security Considerations

  • Data Security: All communication between MangoApps and Google LDAP is secured via SSL using the downloaded certificate.

  • Access Control: Use filters to limit synchronization to only necessary users and groups.

  • Credential Handling: Use system-generated credentials from the Google Admin Console to ensure secure authentication.
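
A way to dry-run the scoping described under Access Control before relying on Preview & Synchronize, as an added example (not MangoApps or Google code). It assumes the object filters accept standard LDAP filter syntax (RFC 4515); the `preview` helper, the sample entries and the group DNs are constructed for illustration.

```python
# Added example: evaluate an LDAP filter offline against constructed entries.
# RFC 4515 subset only: (&..), (|..), (!..), attr=value, attr=* (no escapes/substrings).
def parse(f, i=0):  # parses one parenthesised filter, returns (node, next_index)
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i] in "&|!":
        op, i, kids = f[i], i + 1, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i] != ")" or not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"malformed '{op}' filter near offset {i}")
        return (op, kids), i + 1
    end = f.index(")", i)  # raises ValueError if the item is never closed
    attr, sep, value = f[i:end].partition("=")
    if not sep or not attr:
        raise ValueError(f"malformed item near offset {i}")
    return ("=", attr.strip().lower(), value), end + 1

def matches(node, entry):
    if node[0] in "&|":
        results = (matches(k, entry) for k in node[1])
        return all(results) if node[0] == "&" else any(results)
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, value = node
    have = [v.lower() for v in entry.get(attr, [])]
    return bool(have) if value == "*" else value.lower() in have

def preview(filter_text, entries):
    text = filter_text.strip()
    try:
        node, end = parse(text)
    except IndexError:
        raise ValueError("unbalanced parentheses") from None
    if end != len(text):
        raise ValueError("trailing characters after filter")
    return [e["uid"][0] for e in entries if matches(node, e)]

G = "ou=Groups,dc=example,dc=com"  # constructed data; attribute keys are lowercase
ENTRIES = [
    {"uid": ["alice"], "objectclass": ["inetOrgPerson"], "memberof": ["cn=mango-users," + G]},
    {"uid": ["bob"], "objectclass": ["inetOrgPerson"], "memberof": ["cn=finance," + G]},
    {"uid": ["svc-backup"], "objectclass": ["inetOrgPerson"],
     "memberof": ["cn=mango-users," + G, "cn=service-accounts," + G]},
]
SCOPED = (f"(&(objectClass=inetOrgPerson)(memberOf=cn=mango-users,{G})"
          f"(!(memberOf=cn=service-accounts,{G})))")
```

Comparing `preview("(objectClass=inetOrgPerson)", ENTRIES)` with `preview(SCOPED, ENTRIES)` shows which accounts the narrower filter keeps out of the sync.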


End User Experience

For end users, this integration provides:

  • Single Sign-On (SSO): Users log in to MangoApps using their Google Cloud Identity credentials.

  • Seamless Access: Users automatically gain access to appropriate teams and projects based on group memberships.

  • Up-to-Date Profiles: Profile information like job title, department, and contact details remains consistent across platforms.

No additional configuration is needed on the user's end.


Rollout Recommendations

To ensure a smooth transition:

  • Begin with a small user group to validate the integration.

  • Provide internal guides to explain the new login process.

  • Have IT support available during rollout to address any access issues.

  • Roll out to departments or regions in phases if your organization is large.
