Integrate with Google Single Sign-On (SSO)

Users with the Manage District Settings user permission can set up single sign-on with Google.

This is a four-step process:

  1. Create a new service account within the Google API Console.
  2. Enable domain-wide delegation to the new service account.
  3. Install the JSON file in IT Asset Manager.
  4. Import Google users into IT Asset Manager via Google Groups.

Important: Because of the technical knowledge required, your district's IT administrator will most likely need to perform this procedure.

Step 1: Create a new service account

  1. Go to the Google API Console.
  2. Create a service account.

Step 2: Enable domain-wide delegation to the service account

Note: A user with the Google super administrator role is required to perform this task.
  1. Open a new browser window.
  2. Control API access with domain-wide delegation.

Step 3: Install the JSON file in IT Asset Manager

  1. In IT Asset Manager, select Settings > Single Sign On > Google SSO Admin. The Google SSO Administration page appears.

  1. Next to Administrator Email Address, enter the email address for the Google domain super administrator.
    Note: Administrator Email Address should be the same domain Administrator Email Address that enabled the domain-wide delegation. This email address will impersonate the service account.
  1. Under Service Account File, upload the JSON file that was downloaded in Step 2.
    Note: This is the JSON Service Account file that was downloaded from the Google developer console. Save and then perform the test to check the validity of the service account credentials.

  1. If you want to Auto Sync Google Users, select the checkbox.

  1. Click Save.

Step 4: Import users via Google Groups

  1. In IT Asset Manager, select Settings > Single Sign On > Google SSO Groups. The Manage Google SSO Groups page appears.
    Manage Google SSO Groups page.
  2. Click +Add Google Group. A pop-up appears.

    Add Google SSO Group page.

  3. Enter a Group Name and Group Email Address.
    Note: The View Google Users button shows the users within that group.
  4. Select the default Roles you want the users to have.
  5. Select the default Buildings you want the users to have access to.
  6. Select the default Request Types you want the users to have access to.
  7. To activate the group, select the Active checkbox.
    Note: Only active groups are synced nightly.
  8. Click Save and Sync Users.
  9. Repeat steps 2-4 for any additional Google groups you want.