Set Up Google Directory in The Cloud Identity Engine
Identity Engine
docs.paloaltonetworks.com
Contact Information
Corporate Headquarters:
Palo Alto Networks
3000 Tannery Way
Santa Clara, CA 95054
www.paloaltonetworks.com/company/contact-support
Copyright
Palo Alto Networks, Inc.
www.paloaltonetworks.com
© 2021-2021 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark of Palo Alto Networks. A list of our trademarks can be found at www.paloaltonetworks.com/company/trademarks.html. All other marks mentioned herein may be trademarks of their respective companies.
Last Revised
September 8, 2021
STEP 1 | If you have not already done so, activate the Cloud Identity Engine.
STEP 2 | Grant the necessary administrator rights in the Google Admin console for the Cloud Identity
Engine.
1. In the Google Admin console, select Admin roles.
2. Select a role then click Privileges.
3. Select the following privileges then Save your changes:
• Admin console privileges
  • Organizational Units > Read
  • Users > Read
  • Services > Mobile Device Management > Manage Devices and Settings
  • Services > Chrome Management > Settings > Manage Chrome OS > Devices > Manage Chrome OS Devices (read only)
  • Domain Settings
• Admin API privileges
  • Organization Units > Read
  • Users > Read
  • Groups > Read
  • Domain Management
3. Enter Palo Alto Networks Cloud Identity Engine Directory Sync and click Search.
4. Select the Palo Alto Networks Cloud Identity Engine Directory Sync app.
5. Select the OAuth Client ID option if it is not already selected then click Select.
STEP 4 | Collect the necessary information from the Google Admin console to configure Google
Directory in the Cloud Identity Engine.
1. Select Account > Account Settings.
2. Copy the Customer ID and store it in a secure location.
STEP 8 | Sign in to Google by entering the Google Admin credentials for the account associated with
the Customer ID.
STEP 10 | (Optional) Customize the name the Cloud Identity Engine displays for your Google Directory.
By default, the Cloud Identity Engine uses the default domain name.
You can now use information from your Google Directory in the Cloud Identity Engine when you
configure a user- or group-based security policy rule or with other Palo Alto Networks applications.
User Attributes
BusinessPhones phones
Country country
Groups memberOf
Location locations
Mail primaryEmail
Name fullName
OtherMails emails
PreferredLanguage languages
SID etag
State state
StreetAddress streetAddress
Title title
UserAccountControl suspended
UserType isAdmin
createdDateTime creationTime
Description description
Name name
Group Attributes
Groups memberOf
Mail email
Member member
Name name
SID etag
Computer Attributes
Common-Name cn
Groups memberOf
HostName dNSHostName
LastLogonTime lastLogonTimestamp
Name displayName
OS operatingSystem
OSServicePack operatingSystemServicePack
OSVersion operatingSystemVersion
SID etag