Automated user provisioning integration with Google Workspace

 

RoboForm Automated Provisioning

RoboForm Automated Provisioning streamlines user and group administration for RoboForm organizations by integrating with their current Identity Provider (IdP). Once activated, changes made within your IdP, such as user additions or updates to user and group details, seamlessly synchronize with RoboForm. This synchronization encompasses user credentials, email IDs, group affiliations, and account statuses (creation, suspension, deletion), ensuring effortless management.

This article will cover how to enable provisioning through Google Workspace, additional documentation from Google's help center may be useful as an additional reference point during this process.

 

Integrate RoboForm With Google Workspace

1) Create a new project on Google Cloud Console.

Navigate to IAM & Admin >>Create a Project

 

2) In the Project Name field, enter a name for your project: "RoboForm".

Leave the default values in the Organization and Location fields. Click on Create.

 

3) In the top navigation, make sure the project you have just created is selected.

 

4) On the main dashboard, click on APIs & Services.

 

5) Click on + Enable APIs and Services.

 

6) In the search bar, enter Admin SDK API.

7) Click on Admin SDK API >>Click on Enable.

 

8) Open the navigation menu in the top-left corner and navigate to IAM & Admin >> Service Accounts.

 

9) Click on + Create service account.

 

10) In the Service account name field, enter the following: roboform-provisioning.

Click on Done.

 

11) Click on the three dots under the Actions for the service account you just created.

Click on Manage keys.

 

12) Click on Add Key >>Create new key.

 

13) Make sure that JSON is selected. Click on Create.

NOTE: Make sure that a file was downloaded, this will be required when setting up provisioning on the
RoboForm side.

 

14) Click on the Details tab.

 

15) Click on the Advanced settings text to expand more options.

Under Domain-wide Delegation section, copy the Client ID number.

 

16) Navigate to the Google Admin Console. In the left-most sidebar, click on Security >> Access and data control >> API controls.

 

17) Click on MANAGE DOMAIN WIDE DELEGATION >> Add new.

 

18) In the Client ID field, paste in the Client ID number you have previously copied (step 15).

In the OAuth scopes (comma-delimited) field, paste in the following text:
https://www.googleapis.com/auth/admin.directory.group.readonly,https://www.googleapis.com/auth/admin.directory.group.member.readonly,https://www.googleapis.com/auth/admin.directory.user.readonly

>> Click on AUTHORIZE.

 

19) In the left-most sidebar, click on Account >> Account settings.

 

20) Copy the email under Primary admin.

 

21) Navigate to the RoboForm Admin Center.

Click on Integrations.

 

22. Click on Google Workspace / G Suite.

 

23) Make sure that Automated provisioning is selected.

• In the Google Workspace primary admin email field, paste the previously copied email (step 20)
• Click on Upload JSON file
• Select the file that was previously downloaded (step 13)
• Click Next

 

24) Select your scope for provisioning. Click Activate integration.

 

25) Provisioning is now enabled, you should see the first results after 30 minutes.