Views:

This section describes how to add Google information on TMWS to connect TMWS as a service provider with Google as an identity provider for user authentication and synchronization.

  1. Log on to the TMWS management console, and go to Administration > USERS & AUTHENTICATION > Directory Services.
  2. Click here on the upper area of the screen.
  3. On the Authentication Method screen that appears, click Google.
  4. Click On or Off to decide whether to allow the Google Workspace users of your organization to visit websites through TMWS if their data is not synchronized to TMWS.
    Note:

    Users not synchronized from Google Workspace can be authenticated only through known TMWS gateways or the dedicated port for your organization.

  5. Configure Identity Provider Settings as follows:

    Service URL

    SSO URL on the Google Admin console

    Public SSL certificate

    Certificate downloaded from the Google Admin console

    After the certificate is uploaded, TMWS shows the SHA-256 fingerprint of the certificate on the screen. To confirm the validity of the certificate, view the fingerprint associated with the certificate on the Google Admin console.
  6. Configure Synchronization Settings as follows:

    Service account key file

    Private key file for the service account created on the Google Cloud Platform console and downloaded to your computer

    After the file is uploaded, TMWS shows the private key ID on the screen. To confirm the validity of the key, view the key associated with the service account on the Google Cloud Platform console.

    Google Workspace super admin account

    Google Workspace super admin account used to configure SSO and synchronization settings in Google

    Synchronization schedule

    Select to synchronize with Google Directory manually or according to a schedule

    If you choose Manually, whenever there are changes to Google directory user information, remember to go back to the Directory Services screen and perform manual synchronization so that information in TMWS remains current.

    Note:

    If you choose a schedule, the time to start automatic synchronization depends on the finish time of last synchronization. For example, for a daily schedule, the next synchronization would take place about 24 hours after the last synchronization is completed.
  7. Click Test Connection to check whether the Google directory service can be connected successfully.
  8. Click Save.
Parent topic: Google Authentication