Set Up Google Directory in The Cloud Identity Engine


docs.paloaltonetworks.com
Contact Information
Corporate Headquarters:
Palo Alto Networks
3000 Tannery Way
Santa Clara, CA 95054
www.paloaltonetworks.com/company/contact-support

About the Documentation


• To ensure you are viewing the most current version of this document, or to access related
documentation, visit the Technical Documentation portal: docs.paloaltonetworks.com.
• To search for a specific topic, go to our search page: docs.paloaltonetworks.com/search.html.
• Have feedback or questions for us? Leave a comment on any page in the portal, or write to us at
documentation@paloaltonetworks.com.

Copyright
Palo Alto Networks, Inc.
www.paloaltonetworks.com

© 2021-2021 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark of Palo
Alto Networks. A list of our trademarks can be found at www.paloaltonetworks.com/company/
trademarks.html. All other marks mentioned herein may be trademarks of their respective companies.

Last Revised
September 8, 2021



Table of Contents
Set Up Google Directory
  Set Up Google Directory in the Cloud Identity Engine
    Google Directory Attributes



Set Up Google Directory
Learn how to set up Google Directory in the Cloud Identity Engine. For more information on the Cloud
Identity Engine, refer to the Cloud Identity Engine documentation.
• Set Up Google Directory in the Cloud Identity Engine

Set Up Google Directory in the Cloud Identity Engine
When you configure your Google Directory in the Cloud Identity Engine, the Cloud Identity Engine can
access your Google Directory information to identify users and enforce security policy.

STEP 1 | If you have not already done so, activate the Cloud Identity Engine.

STEP 2 | Grant the necessary administrator rights in the Google Admin console for the Cloud Identity
Engine.
1. In the Google Admin console, select Admin roles.
2. Select a role then click Privileges.
3. Select the following privileges then Save your changes:
   • Admin console privileges
     • Organizational Units > Read
     • Users > Read
     • Services > Mobile Device Management > Manage Devices and Settings
     • Services > Chrome Management > Settings > Manage Chrome OS > Devices > Manage Chrome OS Devices (read only)
     • Domain Settings
   • Admin API privileges
     • Organization Units > Read
     • Users > Read
     • Groups > Read
     • Domain Management

STEP 3 | Log in to the Google Admin console and configure the Cloud Identity Engine app in the Google
Admin console.
1. Select Security > API controls and click Manage Third-Party App Access.

2. Select Configure new app > OAuth App Name Or Client ID.

3. Enter Palo Alto Networks Cloud Identity Engine Directory Sync and click Search.

4. Select the Palo Alto Networks Cloud Identity Engine Directory Sync app.
5. Select the OAuth Client ID option if it is not already selected then click Select.

6. Select Trusted: Can access all Google services as the App access option then Configure the app.

STEP 4 | Collect the necessary information from the Google Admin console to configure Google
Directory in the Cloud Identity Engine.
1. Select Account > Account Settings.
2. Copy the Customer ID and store it in a secure location.

STEP 5 | In the Cloud Identity Engine app, select Directories > Add Directory.

STEP 6 | Set Up a Cloud Directory and select Google (Beta).

STEP 7 | Enter your Customer ID that you copied in Step 4.

STEP 8 | Sign in to Google by entering the Google Admin credentials for the account associated with
the Customer ID.

When the login is successful, Signed In displays.

STEP 9 | Click Test Connection to verify your configuration.


When the test is successful, Success displays.

STEP 10 | (Optional) Customize the name the Cloud Identity Engine displays for your Google Directory.
By default, the Cloud Identity Engine uses the default domain name.

STEP 11 | Submit the configuration.


When the configuration is submitted successfully, the Cloud Identity Engine displays the Directories
page.

You can now use information from your Google Directory in the Cloud Identity Engine when you
configure a user- or group-based security policy rule or with other Palo Alto Networks applications.
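
An added example (not Palo Alto Networks or Google code) for reviewing the role from STEP 2 before it is assigned: it compares a role's privileges, written as the console label paths listed in STEP 2, with the set this page requires, and reports what is missing, what goes beyond the requirement, and where a whole parent category was granted instead of the listed item. The sample role, the function names and the rule that a parent label covers its children are assumptions made for the example.

```python
import re

# Console label paths copied from STEP 2 of this page.
REQUIRED = {
    "Admin console privileges": [
        "Organizational Units > Read", "Users > Read", "Domain Settings",
        "Services > Mobile Device Management > Manage Devices and Settings",
        "Services > Chrome Management > Settings > Manage Chrome OS > Devices"
        " > Manage Chrome OS Devices (read only)",
    ],
    "Admin API privileges": [
        "Organization Units > Read", "Users > Read", "Groups > Read",
        "Domain Management",
    ],
}

def norm(path):
    """'A > B' -> ('a', 'b'): case-folded parts with collapsed whitespace."""
    return tuple(re.sub(r"\s+", " ", p).strip().lower() for p in path.split(">"))

def audit_role(granted):
    """Compare a role ({section: [label paths]}) with REQUIRED.
    Returns (missing, excess, overbroad) as lists of (section, label).
    Assumption: granting a parent label grants everything beneath it.
    """
    missing, excess, overbroad = [], [], []
    for section, needed in REQUIRED.items():
        need = {norm(p) for p in needed}
        have = {norm(p): p for p in granted.get(section, [])}
        for key, label in have.items():
            if key in need:
                continue
            if any(n[:len(key)] == key for n in need):
                overbroad.append((section, label))  # parent of a needed privilege
            else:
                excess.append((section, label))     # not needed for directory sync
        for p in needed:
            key = norm(p)
            if not any(key[:i] in have for i in range(1, len(key) + 1)):
                missing.append((section, p))        # sync would lack this access
    return missing, excess, overbroad

# Constructed sample role, not taken from a real tenant.
SAMPLE_ROLE = {
    "Admin console privileges": ["Users", "Organizational Units > Read", "Domain Settings",
        "Services > Mobile Device Management > Manage Devices and Settings"],
    "Admin API privileges": ["Organization Units > Read", "Users > Read",
        "Users > Update", "Groups > Read", "Domain Management"],
}
```

A role that returns three empty lists matches the STEP 2 list exactly; anything in `excess` or `overbroad` is access the directory sync does not need.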

Google Directory Attributes
To identify users and apply security policy, the Cloud Identity Engine collects the following attributes from
Google Directory:
• User Attributes
• Organizational Unit (OU) Attributes
• Group Attributes
• Computer Attributes

User Attributes

Palo Alto Networks Attribute    Google Directory Field
BusinessPhones                  phones
Country                         country
Given Name                      givenName
Groups                          memberOf
Last Logon Time                 lastLoginTime
Location                        locations
Mail                            primaryEmail
Name                            fullName
OtherMails                      emails
PreferredLanguage               languages
SID                             etag
State                           state
StreetAddress                   streetAddress
Sur Name                        familyName
Title                           title
Unique Identifier               objectGUID
User Principal Name             userName
UserAccountControl              suspended
UserType                        isAdmin
createdDateTime                 creationTime

Organizational Unit (OU) Attributes

Palo Alto Networks Attribute    Google Directory Field
Description                     description
Name                            name
Unique Identifier               objectGUID
When Changed                    whenChanged

Group Attributes

Palo Alto Networks Attribute    Google Directory Field
Group Type                      kind
Groups                          memberOf
Mail                            email
Member                          member
Name                            name
SAM Account Name                sAMAccountName
SID                             etag
Unique Identifier               objectGUID

Computer Attributes

Palo Alto Networks Attribute    Google Directory Field
Common-Name                     cn
Groups                          memberOf
HostName                        dNSHostName
Last Login                      lastLogon
LastLogonTime                   lastLogonTimestamp
NETBIOS Name                    nETBIOSName
Name                            displayName
OS                              operatingSystem
OSServicePack                   operatingSystemServicePack
OSVersion                       operatingSystemVersion
Object Class                    objectClass
Primary Group ID                primaryGroupID
SAM Account Name                sAMAccountName
SID                             etag
SID History                     sIDHistory
Serial Number                   serialNumber
Service Principal Name          servicePrincipalName
Unique Identifier               objectGUID
User Principal Name             userPrincipalName
User Account Control            userAccountControl
