In this article, I would like to describe the installation and use of our new Google Apps for Work connector. In parallel we have also published a new connector for Microsoft Office 365, but I will be describing its installation in a separate blog article.
The integration of Google Apps for Work in UCS saves administrators the time-consuming creation of user accounts in the Google administration interface: They now simply need to place a check in the UMC, and a Google account is created and ready for use. This is also convenient for users, as they only need to remember one password. Thanks to the single sign-on (SSO) mechanism, you can log in to UCS locally and can work on the cloud immediately – your password never leaves the company.
For it to be possible for UCS to create Google accounts in the background without the intervention of an administrator, a secure connection to Google’s cloud needs to be configured. Luckily, there is a wizard to guide you through the whole process, which isn’t exactly straightforward.
If the configuration is successful, you can select the users for which you want to create Google accounts in the Univention Management Console (UMC).
As of this point, selected account attributes from the UCS accounts are synchronized to the accounts on Google’s cloud. The attributes to be synchronized (first name, surname, telephone number, etc.) can be configured via UCR. It is not only possible to configurable which attributes are synchronized, but also whether the values are anonymized, set statically to a certain value, or should be copied correctly.
Installation
The use of the Google Apps for Work connector requires a Google Apps for Work administrator account and a domain verified by Google.
A free Google Apps for Work account can be created for test purposes. However, the configuration of the SSO requires an individual Internet domain in which TXT records can be created.
If you still don’t have a Google Apps for Work account, go to https://apps.google.com/intx/en/setup-hub/ and click on “Start your free trial”. It is not possible to establish a connection to UCS with a private Gmail account.
You can see whether the ownership of your domain has been verified by Google by logging in to the Admin console and checking under “Domains” (click on “More Widgets”) and then “Add or Remove Domains”.
If not, you can add and verify your own domain here. To do so, it will be necessary to create a TXT record for your domain in the DNS. The procedure can take a little while.
If it is successful, you can install the app in the App Center and start the wizard.