In This Article


Overview

Using G Suite as an Identity Source is a great option if you're already a G Suite Apps user!


Configuration Steps

  • Sign into the Clearlogin Admin Console:  https://admin.clearlogin.com
  • In the left navigation bar, browse to:  Identity Sources
  • Click on the New Identity Source button, and select G Suite


  • Name your new Identity Source, and choose a priority.  Once you're done, click on Create Google Identity Source.


  • On the Summary page, click on Sync Admin Account.

  • You will be asked to log into your G Suite account.  Follow Google's log in prompts.

    Best practices dictate that you use a designated service account for logging into G Suite during this step.  This is to avoid losing functionality in case an administrator whose account could be used to do this has their account disabled (IE:  if they leave the organization).

  • When prompted to approve access, click the Allow button.


  • After approving access you will be brought back to to Clearlogin.


If you are using the G Suite Apps, then please continue to the next section.


Using Directory Sync

Directory Sync is a feature that is required if you are using both a G Suite Identity Source and the G Suite Apps.  Directory Sync synchronizes G Suite Directory with Clearlogin Directory (CLD).  This is necessary because without it, a login loop is created that does not allow you to access G Suite Apps.

Directory Sync is a one-directional synchronization from a G Suite Directory to a Clearlogin Directory (CLD).  When using Directory Sync you will be authenticating from a cloned instance of your G Suite Directory that is stored in CLD.  You should still perform all G Suite Directory administration from its console. 


  • Log into the Admin Portal:  https://admin.clearlogin.com
  • Select Identity Sources from the left-hand navigation bar.
  • Click on your instance of G-Suite from your list of identity sources.
  • On the Summary page, in the right-hand sidebar, click the Directory Sync Settings button


  • On the Directory Sync page, configure your settings:

    • Sync Endpoint:  Select a Clearlogin Directory as the Sync Endpoint.

    • Automatic Sync:  Run Sync automatically at regular intervals.  Daily automatic sync occurs at 1AM EST.

    • Settings for User Creation:  Set how passwords will be handled for users created during Sync.

    • Default password:  Assign a specific password to any new users. If this is blank, new users will be assigned randomized passwords.

    • Email passwords to:  If any users are created, select who should receive those passwords by email. Options include:

      • Email Addresses Below - Will send the list of new users and their passwords to the specified email addresses.

      • Corresponding Users - Will send an email to each new user with their randomized password.

    • Admin email addresses: List of comma-separated email addresses that will receive the list of new users and their passwords.

  • Save your settings when you are done.





  • No labels