Integrate the Google Workspace Identity Service

The Google Workspace identity service feature is an enhancement to the Cisco Umbrella Chromebook client. The Google Workspace identity service adds the Google Workspace Organizational Units (OUs) and Google Workspace Users to the Umbrella policy. For more information, see Google Workspace Identity Service.

Table of Contents

• Known Limitations
• Prerequisites
• Procedure

Known Limitations

• Google Workspace identities-based policy and enforcement is supported only on Chromebooks with Umbrella Chromebook client software.
• Google OU and User information updates can take up to 60 mins to appear in the Cisco Umbrella dashboard.
• New Umbrella Chromebook client customers onboarding with the Google Workspace identity service for more than 250K identities must create a support case at [email protected]. A support case is not required for existing Google Workspace users.
• Google Workspace Groups are not supported for import to Umbrella. Only Google Workspace Users and OUs can be imported.

Prerequisites

• The Google Workspace administrator account must have full administrative privileges on the Umbrella dashboard.

Procedure

Enabling the Google Workspace identity service for the Umbrella Chromebook client requires the following steps:

• Step 1: Update the Umbrella Chromebook Configuration
• Step 2: Install the Cisco User Management Connector App
• Step 3: Enter Your Google Workspace Super Administrator ID in the Umbrella Dashboard

Step 1: Update the Umbrella Chromebook Configuration

1. In the Umbrella Chromebook config file that you downloaded as per the instructions in Deploy the Chromebook Client, set the Value field in googleDirectoryService to true. Save the config file.

{"failClose":{"Value":false},"failOpenRetryInterval":{"Value":5},"googleDirectoryService":{"Value":false},"organizationInfo":{"Value":{"organizationId":<ORG-ID>,”productId":3,"regToken”:”<REG-TOKEN>”}},”publicSession":{"Value":false},"vaIPs":{"Value":[]}}

Step 2: Install the Cisco User Management Connector App

The Cisco User Management Connector app authorizes the scopes needed by Umbrella to retrieve information from your Google Workspace account. The Cisco User Management Connector app needs to be installed at the parent domain level and not at the OU level because this will cause synchronization issues.

1. Open your Google Workspace administration console, using the Google Workspace super administrator ID.
2. Navigate to the Cisco User Management Connector app in the Google Workspace Marketplace.

3. Click Domain Install and in the dialog that appears, click Accept.

You can review detailed information about the scopes required by the Cisco User Management Connector app.

Step 3: Enter Your Google Workspace Super Administrator ID in the Umbrella Dashboard

1. Navigate to Deployments > Core Identities > Chromebook Users and click Configure.

1. Click Sign In and in the dialog that appears, select the super administrator account.

3. Sign in to sync your Google Workspace identities with Umbrella. A sync can take up to 60 minutes.
   After the sync, the Umbrella Policies page displays the Google Workspace identities: Google Workspace OUs and Google Workspace Users.

Remove Cisco Chromebook Client Software < Integrate the Google Workspace Identity Service > Chromebook Client FAQ