Administration Console: Configuring Directory Synchronization for G Suite

Document created by user.oxriBaJeN4 Employee on Jul 4, 2018Last modified by user.Yo2IBgvWqr on Jul 16, 2018
Version 5Show Document
  • View in full screen mode

Prior to performing the steps below, the Google Admin must be used to:

  • Configure the Google Administration Console. You'll need a Super Administrator logon.
  • Enable the Admin SDK. You'll need access to the API Console.
  • Create a Service Account.
  • Authorize the Service Account's Client Id.
See the Configuring G Suite for Directory Synchronization page for full details.

When the above tasks are completed you must perform the following tasks in the Mimecast Administration Console:

  • Create a Directory Connector.
  • Test the directory synchronization.
  • Check that users and groups are synchronizing.
Due to a limitation in G Suite, only custom attributes (i.e. non-standard) are synchronized. Additionally G Suite doesn't synchronize passwords or provide any authentication functionality. If you require authentication for your G Suite applications, use Exchange EWS or ADFS domain authentication functionality.

Creating a Directory Connector

 

To create a directory connector, you must have the following pieces of information to hand:

 

To create a directory connector:

  1. Log on to the Mimecast Administration Console.
  2. Click on the Administration toolbar menu item.
  3. Click on the Services | Directory Synchronization menu item.
  4. Click on the New Directory Connector button.
  5. Complete the Directory Access Properties dialog as follows:
    Field / OptionValue
    DescriptionEnter a value to identify the directory connector (e.g. G Suite Directory Synchronization).
    TypeSelect the "Google Directory" value from the drop down list.
    Email AddressEnter the email address of the user created and added to the custom admin role. See the "Google Administration Console Configuration" section above.
    Service Account JSON FileEnter the content of the service account's private key. See the "Creating a Service Account" section above.
    Acknowledge Suspended Accounts in Google DirectoryIf selected, users are disabled in Mimecast if they have a "Suspended" status in G Suite.
    Optional Email Domains FilterIf selected, any internal domains not listed are ignored.
  6. Click on the Save button.

 

Testing the ConnectionTesting a Directory Synchronization Connection

 

To test the directory synchronization connection:

  1. Ensure the required Directory Connector is displayed. The Directory Access Properties dialog is displayed.
  2. Click on the Test Connection button.
    The test may take a couple of minutes to complete. Once complete the results are displayed at the bottom of the dialog.
  3. Check the test's result shows "Google Directory login completed".
  4. Click on the Save and Exit button.
  5. If required, click on the Sync Directory Data button to start synchronizing.

 

Checking Users / Groups Synchronization

 

You can check which users and groups have been synchronized by:

  • Downloading the full results file.
  • Using the Administration Console.

 

To check which users have been synchronized via the Administration Console:

  1. Log on to the Administration Console.
  2. Click on the Administration toolbar menu item.
  3. Click on the Directories | Internal Directories menu item.
  4. Click on the required Domain.
  5. Check that all the users are listed.

 

To check which groups have been synchronized via the Administration Console:

  1. Log on to the Administration Console.
  2. Click on the Administration toolbar menu item.
  3. Click on the Directories | Directory Groups menu item.
  4. Expand the required node in the navigator.
  5. Check that all the groups are listed.

 

See Also...

 

Attachments

    Outcomes